What is the difference between the Data Protection Bill and the GDPR?
If you’ve found this page because you’ve just managed to get your head around the GDPR and now there is all this new talk of a Data Protection Bill, then you are in the right place. If you’re looking for a quick overview of the new Data Protection Bill, how it could impact you and an overview of how it relates to the GDPR, then read on…
What is the Data Protection Bill?
Broadly speaking the Data Protection Bill, that was published on 14 September 2017, refreshes 4 main sections of data protection with an aim to keep the laws current, relevant and enforceable to protect the rights of individuals in Britain, and bring clarity to data protection in our fast-advancing digital world.
The four main sections of the Data Protection Bill:
1. General Processing
The General Processing section of the Data Protection Bill will enable individuals to have easier access to their own data.
A new right to… data portability: making it easier for individuals to obtain and reuse their personal data between service providers.
A new right to… be forgotten: if an individual no longer wants their data to be processed (if there are no legitimate grounds for retaining it) the data will need to be deleted.
A new right to… know when your data has been hacked.
2. Law Enforcement Processing
This section of the Data Protection Bill will update our data protection laws governing the processing of personal data by the police, prosecutors and other criminal justice agencies, particularly, in light of the changes that the impending Brexit will bring about.
The Bill will ensure that criminal justice agencies can continue to use and share data to investigate crime, bring offenders to justice and keep communities safe. Whilst also ensuring that, following the UK’s exit from the European Union, our criminal justice agencies can continue to share data with other EU countries.
3. National Security Processing
This part of the bill will again ensure that following our exit from the European union, we will still have the ability to keep our nation safe with the help of data processing. The data Protection Bill will update the laws governing the processing of personal data by the intelligence services and others for the purposes of safeguarding national security.
4. Information Commissioner and enforcement
This section of the Data Protection Bill outlines the role and functions of the Information Commissioner in accordance with data protection law. It also outlines their powers of enforcement including powers of entry and inspection.
The Bill will ensure that the Information Commissioner is retained as the UK’s independent data protection regulator.
The Data Protection Bill will increase maximum penalties for regulatory breaches from £500K to £18m (converted from the maximum 20 million euros under GDPR) and will allow the Information Commissioner to enforce a duty on data controllers to ensure they notify the Commissioner and the individuals affected in the event of a data breach that risks affecting individuals’ rights.
What is the difference between this and the GDPR?
The General Data Protection Regulation (GDPR) are designed to be read side by side.
The GDPR gives European member states limited opportunities to make provisions for how the regulation applies in their country. The Data Protection Bill aims to bring clarity to GDPR’s impact on Britain, particularly important once we have exited the European Union.
The Data Protection Bill exercises a number of agreed modifications to the GDPR to make it work for the benefit of the UK, in areas such as academic research, financial services and child protection.
If you would like more information on how the GDPR or The Data Protection Bill impacts your business get in touch today. Call one of the team on +44 (0)1673 885533. We’re here to help.