On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union.

Unlocking the data economy

The Strategy notes the opportunities presented through the use of data analytics, artificial intelligence and the internet of things. Noting a recent Information Commissioner’s Office study, which found that only one in four UK adults trust businesses with personal data, a key aspect of the Strategy is to improve public trust and confidence in the use of data, enabling the UK to house a ‘world-leading’ data economy. To this end, the Strategy confirms that the UK will implement the General Data Protection Regulation by May 2018 (“GDPR”), ensuring a “shared and higher standard of protection for consumers and their data cross Europe and beyond.” Businesses will also be encouraged to adopt ethical frameworks for the use of data.

To further build public trust, the Strategy also announces a review of existing data protection offences, and states that stronger sanctions will be introduced for “deliberate and negligent re-identification or anonymised data,” with the health care sector called out as an industry of particular focus. This development highlights the importance of businesses developing robust compliance structures that safeguard data, even once anonymised.

The Strategy also notes that the UK government will seek to ensure that data flows remain uninterrupted following the UK’s withdrawal from the EU.

Cyber security

The Strategy also addresses cyber security and identifies three key objectives:

  • To defend the UK against cyber threats;
  • To deter aggression against the UK, including through taking offensive action in cyberspace if necessary;
  • To further develop the growing cyber-security industry.

The government identifies a number of methods of achieving these outcomes, including using the GDPR to drive improvements in risk management, expanding efforts within law enforcement agencies, forming partnerships with industry and through the operations of the National Cyber Security Centre.

What next?

In a time of uncertainty, the Strategy provides a glimpse of the government’s intention for future regulation in the UK. Companies should use the following year to ensure their compliance frameworks and systems adequately equip them for the challenges ahead.