The UK Data Protection Bill – an overhaul of Data Protection Legislation?
During the Queen’s Speech on 21 June 2017, a new UK Data Protection Bill was announced, which will be introduced to Parliament in September. We have been focusing on the General Data Protection Regulation (GDPR), an EU Regulation coming into force on 25 May 2018, so what does this new UK Bill mean?
The new UK Data Protection Bill was advocated by the Digital Secretary, Matt Hancock, who has said that “the new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use and prepare Britain for Brexit.”
Elizabeth Denham, the current UK Information Commissioner, says, “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”
Although the UK is scheduled to leave the EU by the end of March 2019, the GDPR comes into force throughout the EU on 25 May 2018, so the UK will have to comply with the GDPR for around a year. As we have previously indicated, the UK will also have to comply with the GDPR (or similar standards of data protection) after its withdrawal from the EU if it wants to continue to do business in the EU when processing the data of EU citizens.
Therefore, the UK Data Protection Bill will transfer the GDPR obligations into UK law to ensure that the UK has GDPR standards of data protection laws before Brexit. There are also a number of areas where the GDPR allows Member States to legislate for themselves, and the Bill will set out the UK stance on those areas. We will know more about the “UK stance” on these areas, probably sometime after September following the first reading of the Bill in the UK Parliament.
So don’t panic – the new Data Protection Bill is the GDPR in UK disguise!!
In the UK, fines will reach up to £17 million or 4% of global turnover, whichever is higher. This is a huge increase from the current £500,000 limit on data protection fines in the UK. Therefore, UK companies and companies who process UK data cannot afford to ignore the new data protection laws. The UK’s Information Commissioner will have new strengthened and extended powers to enforce the new regime.
Not to fear! Companies will not have to prepare separately for the GDPR and for the new UK Data Protection Bill. The UK Bill will mirror the GDPR and allow the UK to move seamlessly in terms of data protection between EU and UK legislation upon Brexit.
So, if you are GDPR compliant, you have nothing to worry about! To find out how to become GDPR compliant:
- Read our blogs;
- Attend our seminars; and
- Contact us for further advice!