Initially published on 14 September 2017 the Bill is due to receive Royal Assent by 27 March, ahead of GDPR’s enforcement date of 25 May. You can follow its progress, if you’re so inclined, here.
Secretary of State for Digital, Culture, Media and Sport Matt Hancock (check out his app) says:
“The Data Protection Bill will give people more control over their data, support businesses in their use of data, and prepare Britain for Brexit….In the digital world strong cyber security and data protection go hand in hand. This Bill is a key component of our work to secure personal information online.”
What is the difference between the GDPR and the Data Protection Bill?
The GDPR is an EU-level piece of legislation which has already passed and now must be adopted by EU member states. The Data Protection Bill broadly matches GDPR,but also outlines how it will apply in the UK and makes a few other provisions as well. These include items relating to data processing that falls outwith EU competencies, like immigration and national security.
As with other bits of EU legislation, GDPR is being adopted as per the UK’s obligation as EU members, prior to being transferred into British law on leaving. What remains of it following Brexit will be a matter for Parliament, who will most likely bear in mind the need to demonstrate equivalence with EU-level data processing to trade with EU, whether in a single market, customs union, or as part of a free trade deal.
The chances are, whatever form the UK’s departure from the European Union takes, most, if not all of the principles of GDPR will have to be adhered to in the short to medium term.
NICVA have a number of things planned to help you navigate these uncharted waters: