22 June, 2017
Through yesterday's Queen's Speech, the government confirmed that which the ICO has already indicated: that there will be data protection law in the UK post-Brexit. Alongside the Great Repeal Bill and various others, will sit a Data Protection Bill, as outlined on pages 46 & 47 of the Queen's Speech Background Notes, the purpose of which is stated to be to "make our data protection framework suitable for our new digital age, allowing citizens to better control their data".
The notes confirm that the bill will implement the General Data Protection Regulation - which will come into force in May 2018 - with a view to pre-Brexit compliance and also to ensure data sharing capabilities with EU member states and a "world-class" data protection regime post-Brexit. Presumably implementation of the Directive will come with the derogations as outlined in the recent consultation, but we will have to wait and see.
Amongst what are called the main benefits of the bill will be to allow police and judicial authorities to continue to exchange information quickly and easily with our international partners in the fight against terrorism and other serious crimes. The Speech also reaffirms the manifesto commitment to empower data subjects to require major social media platforms to delete personal information held about them prior to turning 18.
The Data Protection Bill will seek to establish a new data protection regime for the processing of data for non-law enforcement purposes, strengthening the rights of individuals to control the processing of their personal data. The range of powers and sanctions in the ICO's arsenal will be updated and augmented as set out in previous blogs.
Having confirmed that the UK will implement GDPR and that it will continue post-Brexit, now is a good time to prepare for and consider how this and other changes to data protection law will affect your operations (see previous blog).
Forbes Solicitors regularly advise a range of businesses on data protection law including compliance with the DPA, PECR and preparing for the GDPR and ePrivacy Regulation including providing training. If you have any questions, please contact Daniel Milnes.