The UK Data Protection Bill is due to come into force this year, ahead of the EU General Data Protection Regulation in May 2018 – we look at the differences between the two
The first draft of the Data Protection Bill (DPB) was released on 13 September 2017, following its second reading in the House of Lords. This bill is designed to bring the UK’s data protection laws in line with the European Union’s (EU) General Data Protection Regulation (GDPR).
Although the UK government has triggered Article 50 of the Lisbon Treaty and is negotiating its exit from the EU, the UK will still be classed as a Member State when the GDPR compliance deadline is reached on 25 May 2018.
The DPB is the UK’s answer to the GDPR, evolving the country’s existing data protection laws for the 21st century with the aim of ensuring uninterrupted data flows between the UK and EU after Brexit. The existing data protection laws have become increasingly unwieldy, having been first introduced in 1998 – 10 years before Apple’s first smartphone was released.
The DPB aims to reinforce data protection regulation for new technologies, while allowing people to have more control over their data. This will be no easy task, as – given the definitions used in the DPB – the UK will have more than 60,000,000 data subjects (people who have data stored about them) and approximately 500,000 data controllers (companies or organisations which store data about data subjects).
“Effective, modern data protection laws with robust safeguards are central to securing the public’s trust and confidence in the use of personal information in the digital economy, the delivery of public services and the fight against crime,” said the information commissioner Elizabeth Denham in a statement issued in September by the Information Commissioner’s Office (ICO).