UK government publishes new UK Data Protection Bill

Last week, the UK government published its new Data Protection Bill, intended to replace the Data Protection Act of 1998. This Bill establishes a comprehensive and modernised framework for the protection of personal data in the UK.

In essence, the Bill applies the GDPR standards across all processing activities covered by the GDPR, while also taking advantage of the discretion left to Member States to implement derogations and special conditions to certain processing activities; however, the scope of the Bill is broader than the GDPR, as it also regulates the processing of personal data by law enforcement and national security agencies, as well as other general processing activities falling outside of the scope of Union Law.

Structure and Content of the Bill

The Bill is structured into 5 main sections:

Relationship with the GDPR

Once enacted, the Bill will operate in tandem with the GDPR, thus, supplementing it, until the UK leaves the EU. Since the Bill applies the GDPR standards, it will allow the continued application of these standards even after Brexit, which should facilitate compliance for businesses. This Bill also ideally positions the UK for an adequacy decision from the EU Commission regarding cross-border transfers from EU to the UK.

The Bill was submitted to the House of Lords on 13 September 2017. The text of the Bill can be found here, along with a series of factsheets and documents related to each of the main sections that we’ve briefly analysed in this post.

How OneTrust Helps

OneTrust provides a tool with templates and questionnaires which can help organisations comply with privacy obligations around the world. Tools with questionnaires can help your company comply with GDPR requirements, but these questionnaires can also be tailored by country to tackle specific requirements that are dependent upon your geographic location.