For businesses still grappling with an understanding of how to comply with the General Data Protection Regulation (GDPR) the news that the UK Government is planning a major overhaul of data protection law to create a “pro-growth and pro-innovation” regime may be timely.
The GDPR has been viewed by many as being overly prescriptive and lacking in flexibility. And in its recently published consultation “Data: A new direction”, the government is proposing to reform UK data protection law to allow for:
• More innovative use of personal data
• Reduction in red tape and administrative burdens
• Ease of transfer of personal data to third countries 
• Better use of data in public services 
• Setting of new strategic objectives for the Information Commissioner’s Office.
This all sounds commendable but organisations need to understand that with change come new risks and it likely that new obligations will be introduced to further protect and enhance the  privacy and security of an individual’s  personal information. 
As cyber attacks continue to increase in their sophistication and regularity, businesses of all sizes must ensure they put data security at the top of their agenda. 
Falling victim to a cyber attack can be hugely damaging to the financial viability and reputation of any organisation. In some situations, a business may never recover from such devastating circumstances.