The EU General Data Protection Regulation (GDPR) has been described by the Information Commissioner as “the biggest change to data protection law for a generation”. It will automatically come into force in the UK on 25 May 2018, just a few weeks after the UK is required to enact legislation to implement another EU law, the Data Protection Law Enforcement Directive (DPLED) on 6 May 2018 which applies to public enforcement agencies.
The Government has recently confirmed that it plans to introduce a new Data Protection Bill, which will integrate the GDPR into UK law together with the DPLED and ensure both continue to apply after Brexit.
The UK’s Minister of State for Digital, Matt Hancock said:
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. …The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”
“The Data Protection Bill will allow the UK to continue to set the gold standard on data protection. We already have the largest internet economy in the G20. This Bill will help maintain that position by giving consumers confidence that Britain’s data rules are fit for the digital age in which we live.”
Key legal changes coming into force will include provisions that:
New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data. In addition, the Information Commissioner’s Office will also be able to issue higher fines – of up to €1 million or 4% of global turnover for serious data protection breaches. This is significantly more than the £500k current fine level.
At Hugh James, mindful of the breadth of coverage of the GDPR and new Data Protection Bill, we have put together a team of legal experts from across the firm who can help organisations prepare for this hugely significant legislative change. For more information, see our dedicated GDPR webpage here.