01 August, 2017
Through the Queen's Speech, the government confirmed that which the ICO has already indicated: that there will be data protection law in the UK post-Brexit. Alongside the Great Repeal Bill and various others, will sit a Data Protection Bill, as outlined on pages 46 & 47 of the Queen's Speech Background Notes (available online), the purpose of which is stated to be to "make our data protection framework suitable for our new digital age, allowing citizens to better control their data".
The notes confirm that the bill will implement the General Data Protection Regulation - which will come into force in May 2018 - with a view to pre-Brexit compliance and also to ensure data sharing capabilities with EU member states and a "world-class" data protection regime post-Brexit. Presumably implementation of the Directive will come with the derogations as outlined in the recent consultation, but we will have to wait and see.
Amongst what are called the main benefits of the bill will be to allow police and judicial authorities to continue to exchange information quickly and easily with our international partners in the fight against terrorism and other serious crimes. The Speech also reaffirms the manifesto commitment to empower data subjects to require major social media platforms to delete personal information held about them prior to turning 18.
The Data Protection Bill will seek to establish a new data protection regime for the processing of data for non-law enforcement purposes, strengthening the rights of individuals to control the processing of their personal data. The range of powers and sanctions in the ICO's arsenal will be updated and augmented as set out in previous blogs.
Having confirmed that the UK will implement GDPR and that it will continue post-Brexit, it is now essential to prepare for and consider how this and other changes to data protection law will affect your operations.
Forbes Solicitors regularly advise a range of businesses on data protection law including compliance with the DPA, PECR and preparing for the GDPR and ePrivacy Regulation including providing training. Specifically regarding GDPR, we would be delighted to provide a quote to undertake a full review of your organisation's data protection policies, processes and procedures. For SMEs, this might involve an initial half-day consultation followed by a fixed fee for follow-up work such as drafting or amending policies. For larger organisations, as an example, we have recently been instructed to undertake a two day per week secondment over an initial six month period with a large housing association to review and GDPR-proof the entire operation.