GDPR to be Implemented Through the Data Protection Bill

7 Aug 2017 01:41 PM

The Government has published its Statement of Intent for the Data Protection Bill and confirms intention to implement GDPR in full.

After also five years of negotiation, the General Data Protection Regulation (GDPR) will begin its journey into UK law in September through the Data Protection Bill.

The Data Protection Bill, announced in the Queen’s Speech, will ensure that the UK’s data protection framework aligns with the GDPR and tackles the derogations allowed within the regulation. techUK responded to the Government’s Call for Views on the Derogations earlier this year and is pleased to see its views reflected in the Statement of Intent.

Updating Data Protection laws in line with the GDPR will help the UK retain its position as a world leader in data protection, making sure that citizens have trust and confidence in the way their personal information is used, while benefiting from the significant economic and societal gains offered by the data revolution.

The Bill’s Statement of Intent rightly recognises the importance of cross border data transfers, which have a larger impact on growth than traditional goods flows according to the Government.

Key to ensuring growth, enabled by data flows, can continue will be maintaining unhindered data flows between the UK and EU post-Brexit. A secure and robust legal mechanism, ideally based on adequacy, to facilitate those flows must be established from the first day the UK is no longer a member of the EU.

Commenting on the Government’s Statement of Intent Julian David, techUK CEO, said:

“The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full economic and societal opportunities of data is building a culture of data trust and confidence.

“A strong and effective data protection framework is fundamental to that aim. techUK supports the aim of a Data Protection Bill that has the clear and defined purpose of implementing GDPR and can be passed in a timely manner to provide businesses with legal certainty. This statement of intent is an important and welcome first step in that process.

“Ensuring that GDPR is implemented in full before the May 2018 deadline is crucial to giving businesses the clarity they need about their new obligations. Implementation will also be critically important in putting the UK in a strong position to secure unhindered data flows, via an adequacy agreement, once it has left the EU, maintaining its leadership in the global discussion on data protection and privacy.”

The Rt Hon Matthew Hancock MP, Minister of State for Digital, commented:

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.

“Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.”

Elizabeth Denham, Information Commissioner, added:

“We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public."

techUK will be following the Data Protection Bill closely as it proceeds through Parliament and will be conducting outreach to ensure the desired aims of the Bill are achieved. For more information about the Data Protection Bill, or techUK’s work on data, please contact Jeremy Lilley.