In June 2017, the Queen’s Speech announced a new Data Protection Bill.
This Bill will effectively implement the GDPR, which comes into force in May 2018 and reiterates the UK’s commitment to the principles of information privacy and data protection enshrined in the EU Regulation.
The forthcoming new Data Protection Act will replace the Data Protection Act (1998) and, while reinforcing the UK’s commitment to a robust privacy environment, will provide clarity on how the UK will apply statutory controls to the GDPR. When the UK leaves the EU the new Data Protection Act will replace the GDPR.
A key objective of the new law is to ensure the privacy rights of individuals are protected, with the Bill aiming to “strengthen rights and empower individuals to have more control over their personal data including a right to be forgotten when individuals no longer want their data to be processed, provided that there are no legitimate grounds for retaining it”.
Commenting on the Data Protection Bill, Culture Secretary, Karen Bradley said:
The Data Protection Bill will give people more control over their data, support businesses in their use of data, and prepare Britain for Brexit.
In the digital world, strong cybersecurity and data protection go hand in hand. This Bill is a key component of our work to secure personal information online.
The Information Commissioner’s Office will continue in its role as the UK’s data protection regulatory body and will be equipped with new powers of enforcement, in line with the GPDR.