UK Writes GDPR into Law with New Data Protection Bill

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
The pressure is now on for UK organizations to comply with the EU’s General Data Protection Regulation (GDPR) after the government announced its intention to write the legislation officially into law in the form of a new Data Protection Bill.

The proposed bill will upgrade the UK’s privacy laws for the digital age, providing consumers with sweeping new rights while mandating strict requirements on businesses which handle their data.

Organizations will: have to ask customers to opt-in for them to collect and use their personal data; be required to notify to the ICO within 72 hours of a 'serious' data breach; and face strict penalties for non-compliance of up to 4% of global annual turnover or £17 million, whichever is higher.

“Our measures are designed to support businesses in their use of data and give consumers the confidence that their data is protected and those who misuse it will be help to account,” said digital minister Matt Hancock, in a statement.

New consumer rights enshrined in the legislation include the right to be forgotten and the right to data portability, which will make it easier for netizens to request companies erase personal data on them and to transfer data between providers, respectively.

Julian David, CEO of industry body techUK, welcomed the proposed legislation as building “a culture of trust and confidence” in the UK which will help encourage “data-driven innovation”.

“techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations,” he added.

UKFast CEO, Lawrence Jones, also welcomed the new proposals.

“We have been able to win significant amounts of business from our giant American competitors simply because we are held to higher standards on data regulation than the US, and people trust that standard,” he explained.

“We will be doing everything we can to lobby the government and guarantee that our new standards are at least equal to the incoming EU regulation.”

However, there are still question marks about whether data will be able to flow unhindered between the UK and EU post-Brexit, given the mass surveillance powers granted to the UK authorities in the Investigatory Powers Act.

Some experts have suggested that there aren’t enough safeguards in place as yet for EU bodies to be comfortable having European citizens’ data stored in the UK, where it may be subject to snooping from the police or security services.

Top10VPN head of research, Simon Migliano, hinted at such concerns, arguing that consumers shouldn’t rely on the government to look after their digital rights and data.

“It feels hypocritical for the government to be trumpeting these new data protection measures while at the same time being responsible for the Investigatory Powers Act, or Snoopers' Charter, that runs completely contrary to these proposals,” he argued.

“Will the government have to ask ‘explicit’ permission to harvest your data? Will you be able to ask them to view or delete the data the Government holds on you? I doubt it.”

That said, organizations will still need to comply with the new legislation, when the GDPR comes into force on 25 May 2018.

RSA Security’s field CTO EMEA, Rashmi Knowles, warned that the new rules broaden the scope on what constitutes “personal data”, and that there’s a long road ahead for compliance, even for those organizations already governed by the UK’s Data Protection Act.

“The biggest challenge is going to be process; particularly around issues such as data availability and consent,” she added.

“This is not an annual audit that companies need to comply with, the audit can come at any time so businesses need to be focused on continuous compliance, which is a huge task – technology alone is not the answer. For anyone who was in doubt that GDPR will impact them come May 2018, this move by the government is a clear indication that it will – regardless of Brexit.”
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
A win for those of us living in the UK even if I don't agree with the "right to be forgotten" directive that comes with it.
 

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
Good news from our government for once. I have no doubts that the option to "opt out" will not be in easy to find place when online, lol.
 
  • Like
Reactions: frogboy

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
They're incorporating EU law in Room A while discussing Brexit in Room B? o_O

At least GCHQ gets to siphon off all the data themselves now without having to share the loot with others. :p
I can almost hear them giggle while it's being signed. :D
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
At least GCHQ gets to siphon off all the data themselves now without having to share the loot with others.
I doubt it. The rest of the EU relies heavily on the UK when it comes to intelligence gathering/sharing and it's something I've no doubt will be included in Brexit negotiations.
I'd wager there'll be a deal struck for the UK to continue contributing to Europol and intelligence sharing with other EU jurisdictions, especially with British intelligence agencies lack of regulation and carte blanche approach to data collection.
 
  • Like
Reactions: Weebarra

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
@Arequire I wasn't referring to GCHQ's collaboration with other intelligence agencies. Of course they share everything without a second thought. That's not an EU thing.

I meant that businesses are now called to privacy standards while your typical letter agencies still do whatever they want anyways. Great privacy law. It's just like the government doling out goodies when all they ever did was take them out of your left pocket before putting them in your right one—and have themselves celebrated for it.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
I meant that businesses are now called to privacy standards while your typical letter agencies still do whatever they want anyways. Great privacy law. It's just like the government doling out goodies when all they ever did was take them out of your left pocket before putting them in your right one—and have themselves celebrated for it.
Oh definitely. It's hilarious how hypocritical the whole situation is. The sadly ironic part is those three letter agencies pose a far greater risk to our data as individuals than any business entity does.
 
  • Like
Reactions: Weebarra and Fritz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top