The government has promised a new data protection law aimed at incorporating the EU General Data Protection Regulation (GDPR) into UK law.
This is a significant move that will provide businesses with certainty on the UK’s intention to meet the obligations of the GDPR, said PwC’s global data protection legal services leader Stewart Room. “For citizens, it confirms their data protection rights will be fully enshrined in UK law after Brexit,” he said.
The UK has long been a world leader in data protection, said Room. “We have one of the strongest regulatory frameworks in the world and our system is highly respected. We can now build on these foundations to ensure the country continues to be a real destination for data-driven business post-Brexit,” he said.
James Mullock, partner at international law firm Bird & Bird, said it would be interesting to see to what extent a new UK law will simply repeat the same provisions of the GDPR.
“In the Conservatives’ manifesto, the ‘right to be forgotten’ commitments included a promise to implement legislation specifically targeting social media companies. It will be interesting to see whether the new law is also framed in that way,” he said.
Although the GDPR has been finalised and will come into effect in May 2018, Mullock said it gives EU member states some leeway to introduce their own optional exceptions in areas such as crime prevention, and also to add their own provisions in areas such as staff data processing.
“Countries such as Germany have already started this process, so it is in the UK’s interests that the government follows suit and gives businesses some certainty as soon as possible, given the high fines which will apply in this area in less than 12 months’ time,” he said.
Iain Chidgey, vice-president and general manager international at data firm Delphix, said the new data protection law outlined in the Queen’s Speech suggests the UK plans to go even further than the legislation put in place by GDPR.
“While GDPR will be folded into UK law post-Brexit, the proposed bill adds additional safeguards, including overhauling the powers of law enforcement and the powers of the information commissioner,” he said.
If the government is serious about making the UK the safest country in the world to be an online user, Chidgey said this legislation is another step towards that goal.
“It shows the government recognises that data privacy is a basic human right to be protected. However, it’s only achievable if organisations have clear guidelines to follow and adequate time to replace or amend systems to comply with it,” he said.
Establishing a world-class data protection regime
Peter Carlisle, vice-president for Europe at Thales e-Security, said it was encouraging to see that the UK government will be placing a greater emphasis on establishing a world-class data protection regime.
“The greater the volumes of data accessible online, the greater the potential for exposure and the increased chance of hackers taking advantage of systems that some have thought impregnable,” he said. “Ensuring that both individuals and businesses have as much control as possible over where and how their data is used is critical to the UK’s broader cyber security strategy.”
Beaming, a specialist business internet service provider, also welcomed the government’s commitment to improving cyber security.
“Cyber security breaches cost businesses almost £30bn last year, and small firms in particular are accelerating investment in security technologies to protect themselves and their customers from threats online,” said Sonia Blizzard, managing director of Beaming.
“Making the UK the best place to start and run a digital business requires far more than a commitment to boosting security,” she said. “As customer expectations and data usage grow, factors such as speed and service resilience become ever more important, so it is vital that the Conservatives keep their manifesto pledge to accelerate rollout of the full-fibre technology that will improve service
Research conducted for Beaming earlier this year revealed that UK businesses were each subjected to almost 230,000 cyber attacks during 2016, on average; that 52% of UK businesses fell victim to some form of cyber crime in 2016, at a cost of £29.1bn; that viruses and phishing attacks were the most common corporate cyber threats faced by businesses, impacting 23% of the businesses surveyed; and that just under a fifth of firms suffered some form of hack or data breach in 2016.