2.5 minute read.
Back in June, a new Data Protection Bill was announced as part of the Queen’s Speech, aiming to regulate data protection in the UK. This regulation was introduced to the Houses of Parliament officially on Thursday 14th September.
The new bill will put the 1998 version of the Data Protection Act into retirement once it comes into effect, with good reason. So much of the digital industry has changed in the twenty years since the original act came into force that many aspects surrounding data protection are no longer relevant and other key areas not simply covered.
As well as covering new technologies, the bill will mark the significance the industry will face in a post-Brexit UK; making it possible to maintain a similar level of regulation to that of the EU.
So what is covered on the new bill?
Put simply, the concept means individuals will have much more control over their personal data and where it can be found. A headline example to draw immediately is the informally named ‘right to innocence’, handing individuals the power to request social networks remove any data posted by the individual before they turned 18.
There’s also the ‘right to be forgotten’. Currently, an individual or organisation is only able to request unwanted search results (such as an old or incorrect and damning news story) be removed by a search engine if the information coming up in the results causes significant distress. Both of these informally nicknamed rights fall into the official ‘Right to Erasure’ – intended to make an easier path for individuals to protect their personal data online.
Once published, the new bill will also incorporate most aspects of the much-publicised GDPR coming into play in May 2018, including the fine system charging organisations up to €20 million for a breach of data protection. Whilst GDPR and the Data Protection Bill will complement each other, they vary on what they cover. GDPR more intently covers personal data held and used by companies and there are stringent fines for any breach of the new regulation.
There’s just 34 weeks until the GDPR begins. The fine system will be implemented immediately.
If your organisation needs guidance on what this means for you, we can help.
Get in touch. [email protected]