Data Protection Bill Begins its Journey in House of Lords

The biggest reforms to UK data protection laws in over twenty years have now begun their legislative journey. The new Data Protection Bill, was introduced in the House of Lords yesterday and formally published this morning. The Bill aims to update data protection laws for the digital age in which we live.

The Bill's primary goal is to honour the Government’s commitment to fully implement the General Data Protection Regulation into UK law. Doing so is not just vital in meeting the UK Government’s legal obligations under EU law, but will also provide crucial in laying the groundwork for the UK achieving a mutual adequacy agreement to allow the free flow of personal data with the EU post-Brexit. The Government recently published a position paper on data flows post-Brexit and you can see techUK’s thoughts on that paper here.

The Bill does not recreate GDPR language in UK law, that will be done as part of the ‘conversion’ process of EU law onto the UK statute book as part of the European Union (Withdrawal) Bill (you can read techUK’s briefing on that bill here). Instead it sets out how the Government intends to utilise the available derogations offered within the GDPR. As a result, to make sense of the Bill it should be read alongside the GDPR itself. For example the Bill confirms that the UK will set the age of consent at 13.

Within the Bill are provisions to replicate a number of the exceptions and restrictions which exist under the Data Protection Act 1998, which will be repealed and replaced by this new legislation. These exceptions will ensure that certain types of important economic, social and legal data processing can continue to take place.

One key difference between GDPR and the Data Protection Act 1998 is that the GDPR, given it is an EU regulation, only applies to areas of law under the competency of the European Union, whereas the Data Protection Act 1998 applies to all data processing. This new Bill therefore extends GDPR standards across all general data processing, with some exemptions.

Aside from implementing GDPR derogations, the Data Protection Bill will also implement the Law Enforcement Directive, address National Security processing and update regulation and enforcement.

The Bill, as with the GDPR, proposes the most far reaching reforms to data protection law in over twenty years and will significantly increase the control individuals have over their personal information. Organisations of every size and sector will need to ensure they are compliant with the new rules by 25 May 2018, and the clock is ticking.

techUK is looking forward to working with Government, Parliamentarians and others as the Data Protection Bill makes its way through the Parliamentary process, as well as raising awareness of the new responsibilities faced by businesses under the new rules.

If you would like more information about techUK’s work on Data Protection please contact Jeremy Lilley.

FROM SOCIAL MEDIA

Join us on 20 March as we welcome @Marthalanefox to techUK for the launch of new @OpenUniversity research on bridgi… https://t.co/u27S2WoRvO
An Urgent and Emergency Care Forum is being created by @NHSDigital and @techUK - Suppliers interested in becoming f… https://t.co/jqxlYXOMbc
See how the UK compared to other countries in the @CTATech #innovationscorecard https://t.co/jhIRC5cGqN https://t.co/MSMAAitpnf
What functions will our future energy system need to realise our #smartenergy ambitions? What does this mean for te… https://t.co/DenDopN7q2
.@techUK's @G_Derrington discusses the current concerns from industry when it comes to skills policy and Brexit in… https://t.co/phiHP5YuLb
. @sagegroupplc & @Atos joined us today in supporting a new UK France digital conference announced today by @DCMS.… https://t.co/rQDouW3hXB
Ruth Milligan, Head of Financial Services & Payments @techUK, debunks so pervasive myths around #OpenBanking and hi… https://t.co/HZ6ojwhZJY