With the deadline for Brexit not until 31 March 2019, the EU General Data Protection Regulation (GDPR) could be effective in the UK for more than ten months.
What will happen after then has been one of the many mysteries of Brexit, but in August 2017 the UK government proposed data protection laws that would transfer the GDPR into UK law after it leaves the EU.
If the Data Protection Bill is passed, there will be very few differences in the way organisations are required to handle UK and EU residents’ personal data.
Broader than the GDPR
The proposed bill largely replicates the GDPR, but it has so far added one extension: upon request, social media companies will need to delete people’s posts from before their 18th birthday.
Many people have expressed their support of the bill, including the head of the Information Commissioner’s Office (ICO), Elizabeth Denham, who said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”
Todd Ruback, chief privacy officer and vice president of legal affairs at digital governance company Evidon, said: “The proposed UK legislation will obviate Brexit-related fears that the data spigot will be turned off because the UK’s data protection law doesn’t offer the same level of protection as the GDPR. Once the bill becomes law, it will endow the UK resident with new and codified rights, such as the right to access and correct data, and the right to delete it.”
He added: “The legislative process needs to be completed, and there will surely be many modifications that make their way into the final legislation, but it’s great to see the foundation being laid in the UK that will allow digital commerce to continue unabated.”
Become a GDPR expert
The UK will almost certainly introduce further changes to the Data Protection Bill, but the fact that it closely resembles the GDPR is good news for those looking to process, store and transmit personal data across the UK and the rest of the EU.
UK organisations will need a strong knowledge of the GDPR anyway, as the Regulation will be effective in the UK for the time being, but the Data Protection Bill would mean that preparing for the GDPR is not just a short-term solution.
- Certified EU General Data Protection Regulation Foundation (GDPR) Training Course
- Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course
- Book these courses together in our combination course and save 15%.