The second reading of the Data Protection Bill (which will repeal the 1998 Data Protection Act) published last month by the government is scheduled to take place this week.Â
The Bill, which aims to reform and modernise data protection laws, will supplement the EU-wide General Data Protection Regulation (GDPR) when it comes into force in May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR as it will be incorporated into the UK’s domestic law under the European Union (Withdrawal) Bill, currently before Parliament.Â
The GDPR has direct effect across all EU member states and has already been passed, meaning that organisations will have to comply with it. However, the GDPR gives member states limited opportunities to make provision for how it applies in their country resulting in the introduction of the Data Protection Bill in the UK.
The four main matters provided for in the Bill are general data processing, law enforcement data processing, data processing for national security purposes including processing by the intelligence services, and regulatory oversight and enforcement.Â
In particular it will allow the Information Commissioner to levy higher administrative fines on data controllers and processors for the most serious data breaches, up to £17m (€20m) or 4 per cent of global turnover for the most serious breaches. The Bill will also empower the Information Commissioner to bring criminal proceedings for offences where a data controller or processor alters records with intent to prevent disclosure following a subject access request.Â
The Bill also has a part dealing with processing that does not fall within EU law, for example, where it is related to immigration. It applies GDPR standards but has been amended to adjust those that would not work in the national context. It also has a part implementing the EU’s Law Enforcement Directive and requires the intelligence services to comply with internationally recognised data protection standards.Â
Click here to read the Bill in more detail.Â
Click here to read the advice prepared by the Information Commissioner’s Office.
Iain Birrell, of Thompsons Solicitors, commented: “The EU General Data Protection Regulation comes into force next May and this is a necessary piece of legislation to implement it. At 218 pages the breadth of this bill is enough to make a Brexiteer weep, including as it does the right to be forgotten and provisions to allow the police and judicial authorities to quickly and easily exchange information with other countries in the fight against terrorism and serious offences. It is, though, the increased powers to fine which will perhaps cause the biggest response from business.“