In the Queen’s Speech (outlining the new UK Government’s programme) a new Data Protection Bill has been announced. But don’t think this gets you off the hook with the EU General Data Protection Regulation (GDPR); the two are inextricably linked.
The new Bill will in effect implement the GDPR, which comes into force in May 2018 (before the UK is due to leave the EU). Regardless of Brexit, it will reiterate the UK’s commitment to the privacy principles enshrined in the EU Regulation. For anyone who may have doubted the UK’s committed to the GDPR post-Brexit, this announcement would appear to send a clear message that the UK remains focused on ensuring a robust privacy environment.
The Bill will result in a new Data Protection Act replacing the Data Protection Act (1998) and will add clarity on how the UK will apply statutory controls to areas of the GDPR where Member States have been given some flexibility i.e. the derogations. As and when the UK leaves the EU the new Data Protection Act would replace the GDPR.
The Government says the Bill will ensure that the UK’s “data protection framework is suitable for our new digital age and cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data”.
A key focus will be to ensure the privacy rights of individuals are protected, with the Queen’s Speech stating the Bill will “strengthen rights and empower individuals to have more control over their personal data including a right to be forgotten when individuals no longer want their data to be processed, provided that there are no legitimate grounds for retaining it”.
The powers of the Information Commissioner’s Office (the UK’s data protection regulatory body), will be updated and the sanctions available to it, in line with the GPDR.
The Government has also pledged to introduce a new ‘digital charter’ with the aim of ensuring the UK “is the safest place to be online.” It’s proposed the Charter will be ‘underpinned’ by regulations, but as yet there are no details on what these might be.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.