Blog details

UK Data Protection Bill and GDPR

UK Data Protection Bill and GDPR

We are often asked by clients and prospects what happens to UK data protection laws after Brexit? Our regular answer ‘not much’ has proven to be correct: the proposed UK Data Protection Bill and GDPR are meant to be aligned with each other.

UK data protection bill and GDPR data protection officer

Indeed, anything else would put UK businesses at a disadvantageous position in terms of not being able to exchange data freely with the EU after Brexit. And keep in mind this is one of the easy areas, where Brexit negotiations results might not matter all that much: once UK laws are as favourable to individuals as the GDPR, European Commission is likely to allow unrestrained data exports to the UK regardless of any new EU-UK relationship.

Harsher penalties

The new UK Data Protection Bill and GDPR are aligned when it comes to penalties, one of the GDPR’s underlying new policies potentially targeting international web giants: maximum penalties £17 million or 4 % of global turnover resemble €20 million and the same percentage of the GDPR.

Obtaining consent becoming more difficult

UK Data Protection Bill and GDPR both put focus on consent for personal data processing, which is no longer a formal, box-ticking exercise. Issues such as easy withdrawal of consent, children’s consent or consent to process sensitive personal data are all the focus of both the UK Government and GDPR. Children and adults may also choose to be ‘forgotten’ by social media platforms.

Broader definition of personal data

In the same way as some other EU countries have already done, UK Data Protection Bill is expanding the definition of ‘personal data’ to include IP addresses. This is so because ISPs and other entities can easily identify and trace individual users when they know their IP addresses. Furthermore, the definition would expressly include internet cookies and DNA.

Aphaia specialises in helping organisations with their GDPR adaptation plus acts as outsourced Data Protection Officer in line with the GDPR requirements.

Prev post
GDPR employment data processing explained by WP29
July 25, 2017
Next post
Big Data Analytics Financial Services Singapore World Summit
August 14, 2017

Leave a Comment