On appearing before the Culture, Media and Sports Select Committee on 24 October 2016, the Secretary of State Karen Bradley MP, confirmed that the UK will be implementing the General Data Protection Regulation (GDPR) in May 2018.
The Information Commissioner, Ms Elizabeth Denham, identified this implementation as “a good thing” for the UK as it promotes an acknowledgement of the importance of the digital economy, stating that it will allow for people to have more control over their personal data.
The Information Commissioner’s Office (ICO) has recognised that the digital economy has mainly been built upon the collection and exchange of personal data, much of it being sensitive, and therefore growth in this economy calls for public confidence that their information is protected. In order to help businesses and public bodies prepare for compliance with the GDPR’s requirements, the ICO has published a 12-step checklist, an updated privacy notices code of practice and will publish a revised timetable setting out its priorities for the publication of guidance over the next six months.
It does, however, remain unclear as to what amendments may be made to data protection laws when the UK leaves the EU. In the meantime, the Information Commissioner has suggested that the best advice for businesses is to read the ICO’s overview of the GDPR as this sets out the key themes of the Regulation and will assist organisations in their understanding of the similarities with existing UK data protection laws, whilst also highlighting the new requirements.
