The Government says it will replace GDPR (General Data Protection Regulation) with a new British data protection system.
Announcing the move last month, Culture Secretary Michelle Donelan said the EU GDPR and its “bureaucratic nature” are limiting the potential of UK businesses.
The Government announced a Data Protection and Digital Information Bill to replace GDPR last June, but that was put on hold.
Fears over compatibility
Fears were raised that new legislation may not be compatible with GDPR in Europe and could threaten the UK’s data adequacy agreement with the EU.
Data adequacy means another country’s legislation must be of a similar or higher standard, which the EU requires to ensure the flow of data between it and an external country.
The current GDPR law was introduced by the EU in 2018 and changed the way companies collect, process and protect the personal information of EU citizens.
Post-Brexit, businesses based outside of the EU still have to comply if they offer goods or services into the EU.
What is GDPR?
GDPR, which followed the Data Protection Directive, is designed to protect personal data within a legal framework.
As it stands, it obliges companies to have processes in place for handling and storing personal information. It’s also designed to protect individuals from being contacted by organisations without their express permission.
What does it entail?
- A more comprehensive definition of personal data. Those that process data on behalf of another firm, such as payroll or accounting processes, will be required to comply with the GDPR, whereas they weren’t required to comply with the previous regulations
- Opting in rather than opting out: when obtaining ‘consent’ from individuals, it must now be explicit and specific. Previously, individuals had to ask to be removed from a mailing list. The regulation also includes a ‘right to be forgotten’ clause
- Strict timeframes for reporting data breaches to the Information Commissioner
- Certain businesses must appoint data protection officers, responsible for overseeing the new requirements for record-keeping and data impact assessments
- There must be an easier process for individuals to claim compensation from a non-compliant business
- Tougher penalties for non-compliance.