UK moves to mirror GDPR with Data Protection Bill

Bill begins journey through Parliament

Government

The government's Data Protection Bill began its journey through Parliament today with the intention of replacing the current Data Protection Act enshrined in 1998.

The bill, published today, will also transfer the EU's General Data Protection Regulation (GDPR) into UK law ahead of the UK's exit from the EU, to ensure the union and the UK can still share data across borders.

Matt Hancock, minister of digital, said in a statement: "We are strengthening Britain's data rules to make them fit for the digital age in which we live and that means giving people more control over their own data.

"There are circumstances where the processing of data is vital for our economy, our democracy and to protect us against illegality. Today, as we publish the Data Protection Bill, I am offering assurances to both the public and private sector that we are protecting this important work."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The new bill aims to modernise the UK's data protection framework to account for the value of people's personal data today, offering people stronger rights over what others can do with their data, and requiring companies to gain people's consent to use their information.

Under the bill, the current freedom of the press to access data in the public interest will be maintained, as well as ensuring universities and museums need not comply with some measures that would hinder their research.

It also outlines measures to prevent doping in sports, to prevent terrorist financing, money laundering, and child abuse.

Mirroring GDPR

The new bill makes clear that - as Hancock suggested to the House of Lords' EU Home Affairs sub-committee in February - that the UK will reflect GDPR in its own data protection laws in order to ensure the data-flows between the areas continue uninterrupted.

Under the plans, individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. Unlike GDPR, this will also mean that people can ask social media channels to delete information they posted in their childhood.

Advertisement - Article continues below

The government said that the reliance on default opt-out or pre-selected 'tick boxes' for data collection consent, "which are largely ignored" will also disappear.

The data protection regulator, the Information Commissioner's Office (ICO), will be given more power to defend consumer interests and issue higher fines, of up to 17 million or 4% of global turnover, in cases of the most serious data breaches.

Information Commissioner Elizabeth Denham welcomed the bill, saying: "Effective, modern data protection laws with robust safeguards are central to securing the public's trust and confidence in the use of personal information within the digital economy, the delivery of public services and the fight against crime. I will be providing my own input as necessary during the legislative process."

Sarah Armstrong-Smith, head of continuity & resilience at Fujitsu UK & Ireland, added: "The new proposals are not a bad thing, as it is a good sign that the bill will fall in line with GDPR and we will continue to see the principles applied even once the UK leaves the EU."

Advertisement
Advertisement - Article continues below

Welcoming the bill, Sheila FitzPatrick, chief privacy officer at NetApp, said businesses must still continue their efforts to comply with GDPR, while doing so will ensure compliance.

She said: "While the bill will help bring the UK up to the European standard and replace the woefully outdated Data Protection Act, businesses cannot rest on their laurels and assume the government will achieve compliance on their behalves.

Advertisement - Article continues below

"UK businesses of all sizes will still have to reassess their compliance framework to ensure they are able to address key GDPR requirements like the right to be forgotten, and explicit and unambiguous consent ahead of the 25 May 2018 deadline -- which is just over 250 days away."

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/security/antivirus/354328/microsoft-to-scrap-security-essentials-when-windows-7-reaches-end-of-life
antivirus

Microsoft to scrap Security Essentials when Windows 7 reaches end-of-life

13 Dec 2019