The Queen’s Speech on 21 June set out the UK Government’s legislative programme included plans for a Data Protection Bill to ensure that the UK retains its “world-class” data protection regime.
At present details of the bill are sketchy – set out below is the explanation set out by the Government in its briefing on the Queen’s Speech. However this announcement is not unexpected – it was in the Conservative Manifesto and the implementation of the GDPR that some tidying up of UK law will be required. The announcement highlights the Government’s intent to treat data protection as a top priority and to ensure the GDPR comes into full effect on 25 May 2018. Whatever happens with Brexit the Government is keen to ensure that the UK’s data protection laws are not an impediment to trade especially in services – as the Government notes:
- Over 70% of all trade in services are enabled by data flows, meaning that data
protection is critical to international trade.
- The digital sector contributed £118 billion to the economy and employed over 1.4 million people across the UK in 2015.
The Bill also highlights the “right to be forgotten” – a feature of the GDPR – it will give young people the right to require major social media platforms to delete information about them at the age of 18.
Key features of the data protection bill:
The purpose of the Bill is to:
- Make our data protection framework suitable for our new digital age, allowing citizens to better control their data.
The main benefits of the Bill would be:
- To meet the manifesto commitments to give people new rights to “require major social media platforms to delete information held about them at the age of 18” (p.79) and to “bring forward a new data protection law” (p.80).
- To ensure that our data protection framework is suitable for our new digital age, and cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data.
- To allow police and judicial authorities to continue to exchange information quickly and easily with our international partners in the fight against terrorism and other serious crimes.
- To implement the General Data Protection Regulation and the new Directive which applies to law enforcement data processing, meeting our obligations while we remain an EU member state and helping to put the UK in the best position to maintain our ability to share data with other EU member states and internationally after we leave the EU.
The main elements of the Bill are:
- To establish a new data protection regime for non-law enforcement data processing, replacing the Data Protection Act 1998. The new rules strengthen rights and empower individuals to have more control over their personal data, including a right to be forgotten when individuals no longer want their data to be processed, provided that there are no legitimate grounds for retaining it.
- To modernise and update the regime for data processing by law enforcement agencies. The regime will cover both domestic processing and cross-border transfers of personal data.
- To update the powers and sanctions available to the Information Commissioner.
- Territorial extent and application. The Bill would apply to the UK. Data protection is a reserved matter.
Blake Morgan’s guide to the General Data Protection Regulation summarises the key changes that the new law will bring and highlights the most important actions that your organisation should be taking in preparing to comply with it.
If you have any questions on GDPR, our data protection and regulatory experts are available to answer your questions at [email protected].