In April 2016, the European Union paved the way for a single European Digital Market by adopting major data protection reforms. A New Regulation (‘The General Data Protection Regulation’)* would have replaced the current UK Data Protection Act 1998, coming into force on 25 May 2018.
Following the Brexit decision by the UK public, European Union laws and regulations have become more uncertain. However, the European Communities Act 1972 remains in force in the UK, which continues to give EU regulations direct effect. The ICO have stated that we are in need of “clear laws with safeguards” and a reform of UK data protection law is necessary. Given the progress of the digital market and the business need to transfer data across borders, it is likely that any reform of UK data protection law will take much of the same tone as the New Regulation.
Whilst the underlying principles of the current EU data protection regime are retained, clarified and expanded, the reforms also introduce new and complex concepts in relation to the processing of personal data.
Inevitably, changes to data handling processes and customer documentation will be needed to comply with the new standards, and businesses will have an express obligation to document and demonstrate compliance and their response to any personal data security breach.
Forward planning for the transition to the new regime, and reassessing their risk profile, is of key importance to businesses seeking to maintain customer confidence and avoid the massively increased financial penalties proposed.
Our data protection experts outline some of the key changes and some practical tips to help businesses prepare for implementation.