UK moves to mirror GDPR with Data Protection Bill

Bill begins journey through Parliament

Government

The government's Data Protection Bill began its journey through Parliament today with the intention of replacing the current Data Protection Act enshrined in 1998.

The bill, published today, will also transfer the EU's General Data Protection Regulation (GDPR) into UK law ahead of the UK's exit from the EU, to ensure the union and the UK can still share data across borders.

Matt Hancock, minister of digital, said in a statement: "We are strengthening Britain's data rules to make them fit for the digital age in which we live and that means giving people more control over their own data.

"There are circumstances where the processing of data is vital for our economy, our democracy and to protect us against illegality. Today, as we publish the Data Protection Bill, I am offering assurances to both the public and private sector that we are protecting this important work."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The new bill aims to modernise the UK's data protection framework to account for the value of people's personal data today, offering people stronger rights over what others can do with their data, and requiring companies to gain people's consent to use their information.

Under the bill, the current freedom of the press to access data in the public interest will be maintained, as well as ensuring universities and museums need not comply with some measures that would hinder their research.

It also outlines measures to prevent doping in sports, to prevent terrorist financing, money laundering, and child abuse.

Mirroring GDPR

The new bill makes clear that - as Hancock suggested to the House of Lords' EU Home Affairs sub-committee in February - that the UK will reflect GDPR in its own data protection laws in order to ensure the data-flows between the areas continue uninterrupted.

Under the plans, individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. Unlike GDPR, this will also mean that people can ask social media channels to delete information they posted in their childhood.

Advertisement - Article continues below

The government said that the reliance on default opt-out or pre-selected 'tick boxes' for data collection consent, "which are largely ignored" will also disappear.

The data protection regulator, the Information Commissioner's Office (ICO), will be given more power to defend consumer interests and issue higher fines, of up to 17 million or 4% of global turnover, in cases of the most serious data breaches.

Information Commissioner Elizabeth Denham welcomed the bill, saying: "Effective, modern data protection laws with robust safeguards are central to securing the public's trust and confidence in the use of personal information within the digital economy, the delivery of public services and the fight against crime. I will be providing my own input as necessary during the legislative process."

Sarah Armstrong-Smith, head of continuity & resilience at Fujitsu UK & Ireland, added: "The new proposals are not a bad thing, as it is a good sign that the bill will fall in line with GDPR and we will continue to see the principles applied even once the UK leaves the EU."

Advertisement
Advertisement - Article continues below

Welcoming the bill, Sheila FitzPatrick, chief privacy officer at NetApp, said businesses must still continue their efforts to comply with GDPR, while doing so will ensure compliance.

She said: "While the bill will help bring the UK up to the European standard and replace the woefully outdated Data Protection Act, businesses cannot rest on their laurels and assume the government will achieve compliance on their behalves.

Advertisement - Article continues below

"UK businesses of all sizes will still have to reassess their compliance framework to ensure they are able to address key GDPR requirements like the right to be forgotten, and explicit and unambiguous consent ahead of the 25 May 2018 deadline -- which is just over 250 days away."

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/security/cyber-security/354827/mcafee-researchers-trick-tesla-autopilot-with-a-strip-of-tape
cyber security

McAfee researchers trick Tesla autopilot with a strip of tape

21 Feb 2020