The Department for Digital, Culture, Media and Sport has proposed a new Data Protection Bill, which will transfer the EU’s General Data Protection Regulation (GDPR) into UK law after BREXIT. This means that organisations won’t have to revise their DP practices a second time after the split on 29 March 2019.
GDPR will come into force on 28 May 2018, ten months earlier than BREXIT. It is much more stringent than the previous legislation – the UK Data Protection Act and EU Data Protection Directive – which date from the 1990s.
CJAM GDPR guidelines
CJAM outlined the significant changes the GDPR would necessitate for businesses in February this year. Our advice was that everyone should be preparing well in advance for the new measures by overhauling every aspect of the way they collect, store and use data to ensure compliance.
The planned UK reforms, which were mentioned in The Queen’s Speech, were published on 7 August under Digital Minister, Matt Hancock. As with the GDPR the Data Protection Bill will penalise firms infringing the law, imposing significant fines.
Other proposals are:
- Allowing people to ask for data to be deleted
- Requiring firms to obtain explicit consent when they process sensitive personal data
- Making it simpler for people to withdraw consent for use of their personal data
- Allowing people to more easily obtain information held about them by organisations.
Volumes of data
The Data Protection Bill – Statement of Intent says: “Our vision is to make the UK the safest place to live and do business online. With the increasing volumes of personal data, there is an increasing need to protect it.
“Data loss can have distressing repercussions on individuals whilst risking significant reputational damage for the responsible party. Victims lose trust. In more serious cases significant financial loss can arise on both sides and there are risks of other serious harms.
“Protecting data is a global concern and the UK is at the forefront of innovation in this area.”
On future trade, the DP Bill states: “The ability to transfer data across international borders is crucial to a well-functioning economy. We are committed to ensuring that uninterrupted data flows continue between the UK, the EU and other countries around the world.”
If you would like advice on how to prepare for GDPR, please contact CJAM.