Queen’s Speech Data Protection Bill– what it means for you.
26th June 2017 by Sam Freeman
Whilst a lot of press coverage surrounding the Queen’s Speech focused on Her Majesty’s intriguing choice of headwear, there was a lot more to her recent address to the nation including an indication of the way in which data protection shall be shaped in the future.
Data protection may not be the most exciting of topics I grant you, but it impacts every single one of us in our everyday lives. From the online forms we complete to the CCTV footage that is taken of us as we walk through certain shops, data protection governs how our information is kept safe.
First and foremost, the Queen confirmed what we had already been informed; that whilst the UK will be leaving the EU it will nevertheless be adopting the General Data Protection Regulation (GDPR) when it comes into force in May 2018. Whilst some may feel that a departure from the EU should herald a complete detachment from the lengthy and often held onerous rules and regulations, there are a number of reasons why the UK is well-advised to adopt the GDPR even after Brexit comes into force.
One of the key benefits of adopting the GDPR is that EU data protection law has, for a long while now, prevented personal data being transferred to a non-EU country unless that country has an “adequate level of protection” (i.e. has implemented similar standards of data protection to those in the EU) or a number of other stringent criteria are met. If the UK decided to create its own data protection regime then this regime would need to be formally approved by the EU, otherwise Brexit would introduce a sudden barrier to the transfer of personal data from the EU to the UK. This would be particularly troubling for European businesses that had group companies, subcontractors or other business links in the UK. Consent to any new regime would be lengthy, complicated and there is no guarantee that that the EU would approve of anything that we decided to draft ourselves.
Aside from this, the GDPR has taken years to prepare with considerable input from the UK and other countries. It’s aim is to enhance individual’s rights surrounding their data, harmonise national laws in order to allow EU countries to deal more easily with one another, and to reflect the way in which we operate in the world of social and digital media. After years of helping to develop this new regime, would the UK really be best placed to start again and make its own legislation from scratch?
Whilst the adoption of the GPDR is in itself a monumental leap for data protection, the Queen has also informed us that we will be adopting a number of additional measures to ensure that we retain our world-class status in terms of data protection. This will include the right for young people to demand that social networks delete any personal data they had shared prior to turning 18.
A number of changes will therefore be coming into play and businesses need to be prepared for this. They will need to provide individuals with information about the way in which they process their data, carry out audits to ensure that they are processing data in a lawful manner and implementing measures to ensure that they are able to respond in the correct manner to the new rights granted by EU law, such as the right to be forgotten or the right to have your personal data transferred to a replacement services provider. As the Information Commissioner’s Office (the body in charge of enforcing data protection legislation in the UK) starts to provide its guidance notes, organisations should be starting to make their preparations.
If you would like to learn more about the upcoming changes to data protection law then please contact Sam Freeman at s.freeman@laceyssolicitors.co.uk or 01202 557256.