« Back to Blog Homepage

New Data Protection Bill to implement GDPR in the UK

Data protection
The UK government is hoping the new Data Protection Bill will ensure a smooth transition to GDPR

The UK government has published its proposal to implement GDPR into UK law in a new Data Protection Bill. While GDPR will automatically come into force in the UK in 2018, the Bill is designed to ensure a smooth transition to a new data protection landscape regardless of Brexit, as well as implement key UK derogations.

Set to be introduced in September, the legislation will enshrine the fundamental principles of GDPR, including:

  • The right to be forgotten
  • Expanded definition of personal and sensitive personal data
  • Expanded rights to access personal data
  • Tighter rules on gaining consent
  • New criminal offences to protect people from being identified by anonymous data and from having their data altered
  • New powers for the Information Commissioner’s Office to fine companies £17m or 4% of global turnover


Most of the measures in the new Data Protection Bill will be familiar to anyone who has reviewed VinciWorks’ GDPR guide to compliance. Our Data Protection: Privacy at Work course is also GDPR-ready and gives users a head start on the coming changes to the data protection landscape in the UK. It’s fully customisable and contains a personal learning path builder that tailors content to a user’s role with over 1,000 configurations. New modules are constantly being updated and added to the course so that it never goes out of date and always provides users with exactly what they need to know to keep data safe and secure.

UK derogations

Within the scope of GDPR, countries have space to amend the parameters of the law. The government announced its intention to do that in the following ways that go beyond GDPR as written by the EU.

  • Require social media platforms to delete content held on a user at the age of 18
  • Repeal the Data Protection Act 1998 and have a single data protection law for both EU and domestic law
  • Allow children aged 13 or older to consent to personal data being processed
  • Organisations will be able to continue processing criminal conviction and offences data as they currently do
  • Legitimate automated decision making will be allowed in some circumstances, such as credit reference checks
  • Research organisations will be exempt from some personal data obligations such as correcting inaccurate data or right of access

What might happen after Brexit

Despite the government’s intention to bring GDPR into UK law, a hard Brexit with no comprehensive deal could mean no assessment of adequacy from the Europe. This could see a blockade on data transfers from the EU to the UK. Furthermore, the UK cannot apply to the European Commission for an assessment of adequacy, that determination can only be given by the Commission itself.

 



Related Articles

Artificial Intelligence Thought Leadership
75% of university librarians see urgent need for AI ethics as faculty and students turn to them for help

GDPR
Biometric crackdown by UK regulator puts focus on big data at work