UK moves to mirror GDPR with Data Protection Bill

Bill begins journey through Parliament


The government's Data Protection Bill began its journey through Parliament today with the intention of replacing the current Data Protection Act enshrined in 1998.

The bill, published today, will also transfer the EU's General Data Protection Regulation (GDPR) into UK law ahead of the UK's exit from the EU, to ensure the union and the UK can still share data across borders.

Advertisement - Article continues below

Matt Hancock, minister of digital, said in a statement: "We are strengthening Britain's data rules to make them fit for the digital age in which we live and that means giving people more control over their own data.

"There are circumstances where the processing of data is vital for our economy, our democracy and to protect us against illegality. Today, as we publish the Data Protection Bill, I am offering assurances to both the public and private sector that we are protecting this important work."

The new bill aims to modernise the UK's data protection framework to account for the value of people's personal data today, offering people stronger rights over what others can do with their data, and requiring companies to gain people's consent to use their information.

Under the bill, the current freedom of the press to access data in the public interest will be maintained, as well as ensuring universities and museums need not comply with some measures that would hinder their research.

Advertisement - Article continues below
Advertisement - Article continues below

It also outlines measures to prevent doping in sports, to prevent terrorist financing, money laundering, and child abuse.

Mirroring GDPR

The new bill makes clear that - as Hancock suggested to the House of Lords' EU Home Affairs sub-committee in February - that the UK will reflect GDPR in its own data protection laws in order to ensure the data-flows between the areas continue uninterrupted.

Under the plans, individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. Unlike GDPR, this will also mean that people can ask social media channels to delete information they posted in their childhood.

The government said that the reliance on default opt-out or pre-selected 'tick boxes' for data collection consent, "which are largely ignored" will also disappear.

The data protection regulator, the Information Commissioner's Office (ICO), will be given more power to defend consumer interests and issue higher fines, of up to 17 million or 4% of global turnover, in cases of the most serious data breaches.

Advertisement - Article continues below

Information Commissioner Elizabeth Denham welcomed the bill, saying: "Effective, modern data protection laws with robust safeguards are central to securing the public's trust and confidence in the use of personal information within the digital economy, the delivery of public services and the fight against crime. I will be providing my own input as necessary during the legislative process."

Sarah Armstrong-Smith, head of continuity & resilience at Fujitsu UK & Ireland, added: "The new proposals are not a bad thing, as it is a good sign that the bill will fall in line with GDPR and we will continue to see the principles applied even once the UK leaves the EU."

Welcoming the bill, Sheila FitzPatrick, chief privacy officer at NetApp, said businesses must still continue their efforts to comply with GDPR, while doing so will ensure compliance.

She said: "While the bill will help bring the UK up to the European standard and replace the woefully outdated Data Protection Act, businesses cannot rest on their laurels and assume the government will achieve compliance on their behalves.

"UK businesses of all sizes will still have to reassess their compliance framework to ensure they are able to address key GDPR requirements like the right to be forgotten, and explicit and unambiguous consent ahead of the 25 May 2018 deadline -- which is just over 250 days away."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020