Yesterday saw the full publication of the UK’s Data Protection Bill, confirming that UK laws will largely mirror the EU’s General Data Protection Regulation (GDPR), irrespective of Brexit. While UK businesses and Umbrella Companies will have to adapt to the new standards going forward, the publication of the Bill does at least remove any uncertainty regarding the compatibility of data protection regulations between a post-Brexit UK and EU.
Writing for City A.M., Matthew Hancock, the Minister of State for Digital, said: “…it’s been a generation since we last updated our data protection laws to free up the nation’s businesses and entrepreneurs to innovate – while protecting from cyberattacks and making Britain the safest place in the world to be online.
“So today, we are publishing the Data Protection Bill to provide a comprehensive new legal framework for data protection in the UK, combining rules that encourage innovation while protecting privacy.”
Some of the provisions present in both the GDPR and the UK’s Data Protection Bill include much larger potential fines for businesses that fail to adequately protect private data. The current maximum fine under UK law is £500,000, but this will rise to £17 million, or four per cent of global turnover under the proposed new rules. Re-identifying people from anonymised data will become a criminal offence, and the regulations will make it easier for people to withdraw consent for their data to be used or request that it be deleted.
The main area of deviation between the UK bill and the GDPR lies in a number of what the Government describes as “vital” exceptions aimed at making the UK’s data regime a more “proportionate” one.
These exemptions include journalists, who will still be able to access data without permission if it is in the public interest as well as guarantee anonymity for sources. Sporting anti-doping bodies will be able to access data in search of drug cheats, and researchers will be exempted from having to respond to requests to access or remove legally held data in large data sets that they are working with if doing so would hinder that work.
Mr Hancock said that other exceptions will be provided “in health, education and social work to ensure safeguarding, allow continued anti-money laundering operations in the financial services sector and anti-doping operations in sport as well as bringing benefits for many other sectors of the economy”.