• Careers
  • Contact Us

New Data Protection Laws - Government Publishes Statement of Intent

on Friday, 18 August 2017.

The Statement outlines the government's proposals for the new Data Protection Bill.

One of the purposes of the Bill is to keep the EU General Data Protection Regulation (GDPR) as part of UK law after Brexit. Even though the GDPR will apply from 25 May 2018, regardless of any action taken by the government or Parliament, measures are needed in preparation for the UK leaving the EU. The government stated that "bringing EU law into our domestic law will ensure that we help to prepare the UK for the future after we have left the EU".

Does the Statement of Intent Tell Us Anything New About the GDPR?

The GDPR gives all member states the ability to make their own laws on certain issues. The Statement sets out the government's proposed approach to some of these national derogations. For example:

  • Under the GDPR, consent to provide online services to children should come from a parent until the child is 16 years old. The UK intends to lower this age to 13 years old.

  • The UK will introduce a new exemption to the right of individuals not to be subject to automated decision making which has significant effects. However, this will be subject to measures which safeguard individuals' rights, freedoms and legitimate interests. The government's thinking is that there are "legitimate functions which are dependent on automated decision making", such as credit reference checks when considering a loan application.

New Criminal Offences

The Bill will create two new criminal offences:

  • an offence of intentionally or recklessly re-identifying individuals from anonymised or pseudonymised data, or knowingly handling or processing such data

  • an offence of altering records with intent to prevent disclosure following a subject access request

It will also widen the existing offence of unlawfully obtaining data to include the retention of data against the data controller's wishes, even in cases where the data was initially obtained lawfully.

What Should You Be Doing?

It is clear that despite Brexit, the more onerous obligations placed on organisations by the GDPR need to be carefully considered.  There are a range of issues for employers to consider - from ensuring that appropriate measures are in place to keep information secure to updating contracts and policies.   We offer a range of services to help you to prepare for the new data protection regime.


For more information, please contact Claire Hall, in our Data Protection team, on 0117 314 5279.

Leave a comment

You are commenting as guest.