Data Protection Bill Begins its Journey in House of Lords

The biggest reforms to UK data protection laws in over twenty years have now begun their legislative journey. The new Data Protection Bill, was introduced in the House of Lords yesterday and formally published this morning. The Bill aims to update data protection laws for the digital age in which we live.

The Bill's primary goal is to honour the Government’s commitment to fully implement the General Data Protection Regulation into UK law. Doing so is not just vital in meeting the UK Government’s legal obligations under EU law, but will also provide crucial in laying the groundwork for the UK achieving a mutual adequacy agreement to allow the free flow of personal data with the EU post-Brexit. The Government recently published a position paper on data flows post-Brexit and you can see techUK’s thoughts on that paper here.

The Bill does not recreate GDPR language in UK law, that will be done as part of the ‘conversion’ process of EU law onto the UK statute book as part of the European Union (Withdrawal) Bill (you can read techUK’s briefing on that bill here). Instead it sets out how the Government intends to utilise the available derogations offered within the GDPR. As a result, to make sense of the Bill it should be read alongside the GDPR itself. For example the Bill confirms that the UK will set the age of consent at 13.

Within the Bill are provisions to replicate a number of the exceptions and restrictions which exist under the Data Protection Act 1998, which will be repealed and replaced by this new legislation. These exceptions will ensure that certain types of important economic, social and legal data processing can continue to take place.

One key difference between GDPR and the Data Protection Act 1998 is that the GDPR, given it is an EU regulation, only applies to areas of law under the competency of the European Union, whereas the Data Protection Act 1998 applies to all data processing. This new Bill therefore extends GDPR standards across all general data processing, with some exemptions.

Aside from implementing GDPR derogations, the Data Protection Bill will also implement the Law Enforcement Directive, address National Security processing and update regulation and enforcement.

The Bill, as with the GDPR, proposes the most far reaching reforms to data protection law in over twenty years and will significantly increase the control individuals have over their personal information. Organisations of every size and sector will need to ensure they are compliant with the new rules by 25 May 2018, and the clock is ticking.

techUK is looking forward to working with Government, Parliamentarians and others as the Data Protection Bill makes its way through the Parliamentary process, as well as raising awareness of the new responsibilities faced by businesses under the new rules.

If you would like more information about techUK’s work on Data Protection please contact Jeremy Lilley.

FROM SOCIAL MEDIA

In the lead-up to GDPR, Ian from @NCSC talks how your business can ensure its cyber security is top notch for techU… https://t.co/xzsnpJGhll
Most of the audience says that D&I progress at their workplace moves slowly or very slowly at Diversity in Tech con… https://t.co/Q1Wf5iCvWe
Our very own @TRajab will be delivering a cyber 'Strategic Sales and Marketing' session tomorrow as part of the… https://t.co/rpawMtszEl
How will GDPR impact the UK's rising AI industry? Head of Cloud, Data Analytics and AI @ChannelSwimSue answers for… https://t.co/X7SlaBQKqX
So important to take into account the less visible aspects of diversity that are often forgotten about -… https://t.co/0fIBNHAVve
Guy Cohen from @privitarglobal discusses the rising necessity for safeguards in the implementation of GDPR for tech… https://t.co/NzCdb5n0uR
“This is the prologue to a longer book that is yet to be written” - @shaheentsayed from @AccentureUK discussing rac… https://t.co/gvRDt0jGvh
‘If there is no seat at the table, kick it over or create another table’ - @FarrahGDP at the Diversity in Tech conf… https://t.co/B4j2rkvcR4
The imagery of your brand needs to reflect diverse range of people to attract a diverse range of candidates, says… https://t.co/9mDK75jX6W