November 7, 2016

The Government has now confirmed that the UK will be implementing the General Data Protection Regulation (GDPR).  The Secretary of State, Karen Bradley MP, used her recent appearance before the Culture, Media and Sports Select Committee to say:

“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public”.

The Information Commissioner Elizabeth Denham says that this is “good news for the UK”.  “One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world”, she says and that is why both the ICO and the UK Government have “pushed for reform of the EU law for several years”.  According to Ms Denham, the digital economy is “primarily built upon the collection and exchange of data, including large amounts of personal data – much of it sensitive”.  Growth in the digital economy therefore requires public confidence in the protection of this information.

People want the benefits of digital services, Ms Denham says, but they want privacy rights and strong protections as well.  “Having sound, well-formulated and properly enforced data protection safeguards help mitigate risks and inspire public trust and confidence in how their information is handled by business, third sector organisations, the state and public service”.

The major difference with the implementation of the GDPR will be to give people greater control over their data, Ms Denham says, which “has to be a good thing”.  People understand that they need to share some of their personal data with organisations to get the best service, but “they’re right to expect organisations to then keep that information safe, be transparent about its use and for organisations to demonstrate their accountability for their compliance”, Ms Denham says.

Ms Denham also says that the ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.

Since January 2016, the ICO has been meeting with organisations to better understand the challenges they will face to comply with the law, and it has already started to publish work to help with that, from its 12 steps to take towards compliance, to its recent privacy notices code of practice, which includes GDPR detail.

Within the next month, the ICO will be publishing a revised timeline setting out what areas of guidance it will be prioritising over the next six months.

Ms Denham concluded that, “there may still be questions about how the GDPR would work on the UK leaving the EU”.  However, she said, “this should not distract from the important task of compliance with GDPR by 2018”.  To read Ms Denham’s blog post in full, click here.