The General Data Protection Regulation (GDPR) will be enforced on the 25th May 2018 and will replace the UK Data Protection Act 1998 (DPA). For more detail about GDPR, read our blog.
Brexit has left many questioning whether the GDPR will apply to UK firms and what effect this will have on agreements with the US and other countries we share our data with.
A Data Protection Bill (DPB) is currently working its way through Westminster and will echo the UK's pledge to the privacy principles protected in the EU Regulation.
Following the UK's departure from the EU, the new Data Protection Act would replace GDPR, making the Act crucial to ensuring that the UK maintains data protection laws and therefore allows the free movement of personal data between the UK and EU post-Brexit.
If the bill is regarded as inadequate, the flow of data across borders will become increasingly difficult, which will affect trade and commerce.
The Data Protection Bill will give the UK Information Commissioner (the UK's data protection body) more control and authority to penalize data breaches. This can include fines of up to 4% of annual global turnover, or $20 million, whichever is greater.
The Government is also introducing a new ‘digital charter’, which will ensure the UK “is the safest place to be online” and will be underpinned by regulations.
Finally, GDPR compliance is not a choice, and it demands that you are able to demonstrate compliance with its regulations. Following Brexit, the DPB will introduce regulations which will fall in line with GDPR, making it necessary that you have appropriate procedures and policies in place to deal with data transparently and take accountability for each individual's rights. This will help you to build a workplace culture of data privacy and security.