As anticipated (see here), a new Data Protection Bill was introduced to the House of Lords on September 13, 2017 and it officially entered Parliament on September 14, 2017.
The new Bill aims to replace the UK Data Protection Act 1998 and to update data protection laws in accordance with the GDPR.
What will it change? Put simply: data protection is going to be stricter.
According to the official overview, the main elements of the Bill are the following.
General data processing
- Implementing GDPR standards
- Providing clarity on the definitions used in the GDPR in the UK context
- Ensuring confidentiality for sensitive health, social care and education data
- Providing appropriate restrictions to rights to access and delete data
- Establishing the age from which parental consent is not needed to process data online: age 13
Law enforcement processing
- Providing a bespoke regime for the processing of personal data by police, prosecutors, and other criminal justice agencies for law enforcement purposes
- Allowing the unhindered flow of data internationally whilst providing safeguards to protect personal data.
National Security processing
- Ensuring that the laws governing the processing of personal data by the intelligence services remain up-to-date with international standards.
Regulation and enforcement
- Enacting additional powers for the ICO to enforce data protection laws
- Allowing the ICO to levy higher administrative fines on data controllers and processors for the most serious data breaches, up to £17m (€20m) or 4% of global turnover
- Empowering the ICO to bring criminal proceedings against data controllers or processors altering records with intent to prevent disclosure following a subject access request.
More on the UK Data Protection Bill is available at https://www.gov.uk…