UK moves to mirror GDPR with Data Protection Bill

Bill begins journey through Parliament

Government

The government's Data Protection Bill began its journey through Parliament today with the intention of replacing the current Data Protection Act enshrined in 1998.

The bill, published today, will also transfer the EU's General Data Protection Regulation (GDPR) into UK law ahead of the UK's exit from the EU, to ensure the union and the UK can still share data across borders.

Matt Hancock, minister of digital, said in a statement: "We are strengthening Britain's data rules to make them fit for the digital age in which we live and that means giving people more control over their own data.

"There are circumstances where the processing of data is vital for our economy, our democracy and to protect us against illegality. Today, as we publish the Data Protection Bill, I am offering assurances to both the public and private sector that we are protecting this important work."

The new bill aims to modernise the UK's data protection framework to account for the value of people's personal data today, offering people stronger rights over what others can do with their data, and requiring companies to gain people's consent to use their information.

Under the bill, the current freedom of the press to access data in the public interest will be maintained, as well as ensuring universities and museums need not comply with some measures that would hinder their research.

It also outlines measures to prevent doping in sports, to prevent terrorist financing, money laundering, and child abuse.

Mirroring GDPR

The new bill makes clear that - as Hancock suggested to the House of Lords' EU Home Affairs sub-committee in February - that the UK will reflect GDPR in its own data protection laws in order to ensure the data-flows between the areas continue uninterrupted.

Under the plans, individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. Unlike GDPR, this will also mean that people can ask social media channels to delete information they posted in their childhood.

The government said that the reliance on default opt-out or pre-selected 'tick boxes' for data collection consent, "which are largely ignored" will also disappear.

The data protection regulator, the Information Commissioner's Office (ICO), will be given more power to defend consumer interests and issue higher fines, of up to 17 million or 4% of global turnover, in cases of the most serious data breaches.

Information Commissioner Elizabeth Denham welcomed the bill, saying: "Effective, modern data protection laws with robust safeguards are central to securing the public's trust and confidence in the use of personal information within the digital economy, the delivery of public services and the fight against crime. I will be providing my own input as necessary during the legislative process."

Sarah Armstrong-Smith, head of continuity & resilience at Fujitsu UK & Ireland, added: "The new proposals are not a bad thing, as it is a good sign that the bill will fall in line with GDPR and we will continue to see the principles applied even once the UK leaves the EU."

Welcoming the bill, Sheila FitzPatrick, chief privacy officer at NetApp, said businesses must still continue their efforts to comply with GDPR, while doing so will ensure compliance.

She said: "While the bill will help bring the UK up to the European standard and replace the woefully outdated Data Protection Act, businesses cannot rest on their laurels and assume the government will achieve compliance on their behalves.

"UK businesses of all sizes will still have to reassess their compliance framework to ensure they are able to address key GDPR requirements like the right to be forgotten, and explicit and unambiguous consent ahead of the 25 May 2018 deadline -- which is just over 250 days away."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020