Is it? It is my understanding that the UK has had its own data protection laws, its own information commissioner to enforce this, and its own policy for over thirty years.
Not only does the much more onerous GDPR completely supercede laws we made ourselves, it is a huge ongoing cost to every business, to the extent where GDPR enforcement officials are employed and many American firms have simply decided not to bother showing website content to Europeans.
Data protection is necessary, I agree. Which is all the more reason to keep it in the hands of the British voter. This is just another area of policy we’ve ceded our sovereignty on. GDPR is not necessary. To say otherwise is to demonstrate a lack of knowledge about extant practices and an ignorance of the vast amount of money it’ll cost, forever.