Parliament Bill’s Post-Brexit Data Protection Plan Looks a Lot Like the EU’s

If a new data protection bill currently under consideration in Parliament becomes law, it would mean that the European Union’s data protocols will be in the United Kingdom to stay—even after Brexit.

Data Protection in the UK

The stated purpose of the bill, recently introduced in the House of Lords, is to modernize the UK’s existing data protection laws to make them compatible with ever-changing technology, empowering people to take more control of their data. Concurrent with those protections, the new bill is designed to ensure that the UK is prepared for the upcoming post-EU reality.

Replacing the UK Data Protection Act of 1988

The proposal, a comprehensive replacement to the Data Protection Act of 1988, has drawn criticism for its length, circular definitions, and confusing language. Data handlers who were hoping to escape the EU’s sweeping General Data Protection Regulation (GDPR) once Brexit kicks in will have to rethink their options and continue to work on their implementation plans.

Many of the bill’s sections incorporate the EU’s protocol or require the use of the same defined terms. Two of the stated purposes of the bill, in fact, are to “set new standards for protecting general data, in accordance with the GDPR” and to “implement the GDPR standards across all general data processing.”

Companies and firms will be expected to adequately protect their IT systems from intrusion, malicious breaches, and theft of data. For those organizations that are already compliant with the 1988 standards, some analysts say meeting the new standards is not excessively burdensome. Others are concerned that layering the confusing bill on top of the already tough standards of the GDPR is excessive and will unnecessarily add to the time and resources companies need to comply with both.

Differences Between GDPR and Proposed UK Bill

As for differences between the proposed U.K. bill and the GDPR, the biggest probably concern exceptions: the bill allows for some exceptions not contemplated in the GDPR. Public interest groups, governing bodies for sports, and researchers are among those that might be eligible for exceptions from the law’s requirements.

The bill received its second reading in the House of Lords on Oct. 10, and will now move to the committee stage for closer review.

The contents of this article are intended to convey general information only and not to provide legal advice or opinions.