The UK Government unveiled its new Data Protection Bill (DPB) in September, the UK equivalent of the EU’s General Data Protection Regulations (GDPR), which will see many of the data protection requirements of GDPR enshrined in UK law. The move was essential following Brexit to ensure we benefit from the modernisation of data protection ushered in by the GDPR (the current Data Protection Act (DPA) is now 20 years old) and to bring our data handling practices in line with the rest of Europe.
The DPB will uphold many of the GDPR requirements and will better protect citizens’ personal data, but it also differs in some respects. The DPB will not support the right to make ‘super complaints’ by privacy groups, for example, but will include an additional clause which allows an individual to request the deletion of all their social media data from before they turned 18. There will be unlimited fines for data breaches where it has been proven that users have been re-identified from anonymous data or in cases where there has been data tampering. These exceptions aside, the DPB will see the main tenets of the GDPR become law from 25 May 2018.
Many businesses which are already DPA compliant regard the GDPR as simply a revision of the DPA which will require minimal change on their part. However, there are some crucial differences between the GDPR and the DPA.
While the DPA uses eight key principles, the GDPR is based upon 99 Articles that tackle data protection in far greater depth and extend citizens’ rights to control data processing. The key differences are that GDPR…
Businesses will need to begin to assess and appraise whether they meet the requirements ahead of the deadline. To find out whether your data handling processes are GDPR ready, contact us today or take our quick GDPR Readiness Assessment to establish where you need to focus resource.