A recent parliamentary committee has confirmed that the UK will fully implement the EU General Data Protection Regulation on May 25, 2018, and a law that mirrors GDPR will remain, even in post-Brexit Britain.
Speaking at the House of Lords EU Home Affairs Sub-Committee on February 1, 2017, the Minister of State for Digital & Culture, Matt Hancock, used the occasion to emphasize the importance of uninterrupted and unhindered data flows between the UK and EU. He said:
"In a sense, we are matching them rather than asking them to match anything new from the UK.
"Parts of the Data Protection Act will need to be repealed for data processing to be in scope of the GDPR, and it is necessary to ensure that we don't end up with the Data Protection Act duplicating or creating inconsistencies with the GDPR because the GDPR will be directly applicable. So, we will be bringing forward legislation in the next [parliamentary] session in order to put that into practice."
Describing GDPR as a “decent piece of legislation,” the minister explained that reasons to match GDPR in the UK were in part because there was “significant” input from the UK in the original development of the regulations. Having an equivalent law to GDPR in the UK also means that the country can begin Brexit negotiations from a harmonized starting point, rather than one of difference. Hancock said this would help with the negotiation of free data flows with the EU, and the US.
Hancock also noted businesses have been slow to take on board what changes GDPR will bring.
"My view is that [GDPR] is consistent with best practice for handling data anyway, so companies that handle data appropriately, have good cybersecurity arrangements and respect the privacy of their customers or those they hold the data of shouldn't find this much of a burden. But it will require some companies that don't have best practice to come up to speed."
To understand the new obligations organizations have when keeping customer data safe, the new levels of transparency needed when using data, and to demonstrate accountability for compliance to the GDPR, we recommend reading the General Data Protection: A practical guide for businesses below.
This White Paper, created by BlueVenn in collaboration with data protection specialists Opt-4, provides a thorough look at how GDPR will change existing laws, and offers suggestions for what you can do now to prepare for GDPR. This White Paper also covers:
- The global scope of GDPR
- How GDPR will change consent, processing and profiling
- The new rights for data subject
- Guidelines for Data Protection Officers
- Liabilities, penalties and enforcement