Data Protection Bill (DPB) to replace The Data Protection Act 1998
The Data Protection Bill (DPB) was announced in the Queen’s Speech on 21 June 2017 and will replace the Data Protection Act 1998. The aim of the DPB is to modernise the data protection laws in the UK to make them fit for purpose for our increasingly digital economy and society.
The Department for Digital, Culture, Media and Sport state that the main elements of the Bill are:
General data processing
- Implement the General Data Protection Regulation (GDPR) standards across all general data processing.
- Provide clarity on the definitions used in the GDPR in the UK context.
- Ensure that sensitive health, social care and education data can continue to be processed to ensure continued confidentiality in health and safeguarding situations can be maintained.
- Provide appropriate restrictions to rights to access and delete data to allow certain processing currently undertaken to continue where there is a strong public policy justification, including for national security purposes.
- Set the age from which parental consent is not needed to process data online at age 13.
Law enforcement processing
- Provide a bespoke regime for the processing of personal data by the police, prosecutors and other criminal justice agencies for law enforcement purposes.
- Allow the unhindered flow of data internationally whilst providing safeguards to protect personal data.
National security processing
- Ensure that the laws governing the processing of personal data by the intelligence services remain up-to-date and in-line with modernised international standards, including appropriate safeguards with which the intelligence community can continue to tackle existing, new and emerging national security threats.
Regulation and enforcement
- Enact additional powers for the Information Commissioner who will continue to regulate and enforce data protection laws.
- Allow the Commissioner to levy higher administrative fines on data controllers and processors for the most serious data breaches, up to £17m (€20m) or 4% of global turnover for the most serious breaches. Empower the Commissioner to bring criminal proceedings against offences where a data controller or processor alters records with intent to prevent disclosure following a subject access request.
The Data Protection Bill is likely to include specific provisions about health records. Therefore, once the Bill is published, we will ask Diana Kloss to undertake a comprehensive review of the Bill and advise what, if any, changes may be required within our software to enable all of our customers, whether in the Public, Private or Third Sector, to be compliant with the GDPR from 25th May 2018 and the Data Protection Bill.
The Government will also publish fact sheets covering the Bill; these can be found at:
https://www.gov.uk/government/collections/data-protection-bill-2017