What is the Data Protection Bill?
The Data Protection Bill was announced in the Queen’s Speech in June this year and a statement was published by the Department for Culture, Media and Sport on 13th September, introducing the bill to the House of Lords. The Culture secretary Karen Bradley said “The Data Protection Bill will give people more control over their data, support businesses in their use of data and prepare Britain for Brexit.”
But what about the EU General Data Protection Regulation?
The two will go hand in hand. Part of the Data Protection Bill is to bring the EU GDPR into law in the UK, in time for the enforcement date of 25th May 2018. The bill will also address some loopholes within the existing Data Protection Act 1998 that have been through judicial review, and will preserve tailored exemptions that have previously worked well under the existing law.
Undertaking our training programme be.GDPR will further your understanding of what you, your organisation and your stakeholders should be doing to prepare.
So what are the differences?
Unlike the GDPR, the UK bill includes some added extras that the government has been planning for a little while now.
New data protection amendments will make it a criminal offence not to respond to a Subject Access Request (SAR), or to destroy data in light of a SAR.
The right to be forgotten: Unlike GDPR, this will also mean that people can ask social media channels to delete information they posted in their childhood.
There is also mention of a “bespoke framework tailored to the needs of our criminal justice agencies and national security organisations, including the intelligence agencies, to protect the rights of victims, witnesses and suspects while ensuring we can tackle the changing nature of the global threats the UK faces.”
More controversially, the Data Protection Bill will set the age from which parental consent is not needed to process data online at 13.
Our original programme be.Privacy helps to train you in existing UK data protection laws and will continue to update you on changes throughout your subscription period, bringing fresh understanding to the UK-specific laws.
The following UK clarification also details more on an exemption clause for the GDPR.
Workers in several key fields who need to handle sensitive personal data without the owner’s consent would be protected by the exemptions, including:
- Anti-doping agencies in sports, trying to catch drug cheats;
- Journalists who must access personal data “for freedom of expression and to expose wrongdoing”;
- Research institutions, such as museums and universities;
- Financial services firms that price risk or process data on suspicion of terrorist financing or money laundering; and,
- Employees who access data with a justifiable reason but without consent, to fulfil obligations of employment law.
- Ensure that sensitive health, social care and education data can continue to be processed to ensure continued confidentiality in health and safeguarding situations can be maintained.
- Provide appropriate restrictions to rights to access and delete data to allow certain processing currently undertaken to continue where there is a strong public policy justification, including for national security purposes.