Compliance Privacy

UK’s new Data Protection Bill, incorporating GDPR, expected in September

The UK’s Data Protection Bill, which was announced in last month’s Queen’s Speech, could be introduced in Parliament in just a few weeks—though it could be months before it becomes law.

The UK legislation is expected in September, according to the UK’s Department of Digital, Culture, Media & Sport (DCMS), which confirmed to security researcher and training specialist Chris Pounder that “we’re aiming to introduce the Bill as soon as we can once the houses are back from summer recess.”

The Queen’s Speech said that the bill is meant to ensure that the UK “retains its world-class regime protecting personal data.” Further analysis from global law firm Reed Smith added that the goal is a “data protection framework that is suitable for our new digital age, and to cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data.”

To that end, the Data Protection Bill will replace the Data Protection Act 1998, and will incorporate the GDPR into national UK law—meaning that even post-Brexit, businesses will need to comply with the same EU rules for UK citizens. The GDPR goes into effect on May 25 of next year, and will give EU regulators the power to levy punitive damages as high a €20m (or 4% of global turnover, whichever is greater) to organizations anywhere in the world who fail to adhere to a series of requirements when it comes to securing the data of EU citizens.

YOU MAY ALSO ENJOY – The GDPR is coming: 5 ways you can safeguard your personal data

The ramifications extend far beyond fines for individual companies, according to Jon Baines, chair at the National Association of Data Protection and Freedom of Information Officers.

“When the UK leaves the EU under Brexit, we will become a ‘third country’ for the purposes of GDPR, and we will need to have adequate domestic data protection law in place to enable the free flow of personal data between us and the EU,” he told Infosecurity. “If the European Commission decides that this new UK data protection law is inadequate, it will make these cross-border transfers of personal data very tricky, which would have the potential to adversely affect trade deals, and drive up costs for business and consumers, as well as potentially hindering cooperation in criminal justice and national security matters.”

Source: Info Security

Read entire post grey

Read more about the General Data Protection Regulation

Leave a comment

%d bloggers like this: