One of the purposes of the Bill is to keep the EU General Data Protection Regulation (GDPR) as part of UK law after Brexit. Even though the GDPR will apply from 25 May 2018, regardless of any action taken by the government or Parliament, measures are needed in preparation for the UK leaving the EU. The government stated that "bringing EU law into our domestic law will ensure that we help to prepare the UK for the future after we have left the EU".
The GDPR gives all member states the ability to make their own laws on certain issues. The Statement sets out the government's proposed approach to some of these national derogations. For example:
The Bill will create two new criminal offences:
It will also widen the existing offence of unlawfully obtaining data to include the retention of data against the data controller's wishes, even in cases where the data was initially obtained lawfully.
It is clear that despite Brexit, the more onerous obligations placed on organisations by the GDPR need to be carefully considered. There are a range of issues for employers to consider - from ensuring that appropriate measures are in place to keep information secure to updating contracts and policies. We offer a range of services to help you to prepare for the new data protection regime.