What Does The UK’s Data Protection Bill Mean For Business?

Uploaded on 2017-11-15 in BUSINESS-Services-Law, FREE TO VIEW, GOVERNMENT-National, NEWS-Cybersecurity News

The UK recently published the final version of a law to replace its current data security and privacy rules.

The Data Protection Bill (DPB) will allow UK businesses to continue doing business with the EU post-Brexit. The DPB should provide a relatively easy transition for businesses gearing up for the forthcoming EU legislation.

In May 2018, the GDPR will become the data security and privacy law in the EU. UK organisations have been preparing to meet these new rules, including the right to erasure, 72-hour breach notification, and stricter record keeping requirements.

The DPB should, in theory, provide an easy transition for UK businesses after March 2019, the tentative date for the UK leaving the EU. Why? Because the DPB is effectively the General Data Protection Regulation, it’s referenced directly in the law.

Complexities

However, it’s worth noting that the DPB is not a simple piece of legislation.

A large segment of the bill is devoted to exemptions, restrictions, and clarifications that supplement the language in GDPR.

The core of the bill is found in Part 2, wherein these various tweaks are laid out including; for personal data related to health, scientific research, criminal investigations, employee safety, and public interest. The actual fine print is buried at the end of the DPB in a long section of “schedules”.

For example, GDPR legislation related to the right to erasure, data rectification, and objection to processing, doesn’t apply to investigations into financial mismanagement or public servants misusing their office. In effect, the targets of an investigation lose control of their data.

While the goal of Brexit may have been to escape EU regulations, the Data Protection Bill essentially keeps the rules in place.

Differentiations

There are also a few surprises in the new UK law.

The DPB grants regulators at the UK’s Information Commissioner’s Office (ICO) new investigative powers through “assessment notices”. These notices allow the ICO staff to enter the premises of an organisation, examine documents and equipment, and observe processing of personal data. Effectively, UK regulators will have the ability to audit an organisation’s data security compliance.

Under the existing UK data law, the ICO can only order these non-voluntary assessments against government agencies, such as the NHS. The DBP expands mandatory data security auditing to the private sector.

If the ICO decides the organisation is not meeting DPD compliance, these audits can lead to enforcement notices that point out the security shortcomings along with a schedule of when they should be corrected.

The ICO also has the power to issue fines of up 4% of an organisation’s worldwide revenue. This is the same level of monetary penalties as in the original GDPR.

For UK companies (and UK-based multinationals) that already have security controls and procedures in place, the DPB’s rules should not be a difficult threshold to meet. However, for companies that have neglected basic data governance practices, particularly for the enormous amounts of data held in file systems, the DPD will come as a surprise.

Information Age:

You Might Also Read:

A 9-Step Guide For GDPR Compliance:

UK Deal With EU On Post-Brexit Data Sharing:

GDPR - 10 Things You Must Know:

 

« Thomson Reuters Create A Knowledge Meta-Graph
Social Media & Crisis Management »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Howden Broking Group

Howden Broking Group

Howden provides a range of specialist insurance solutions to clients around the world including Cyber Liability insurance.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

LUCY Security

LUCY Security

LUCY is the answer when you want to increase your IT security, maintain your cyber security awareness, or test your IT defenses.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Sentryc

Sentryc

Sentryc provides automated monitoring of brands on online marketplaces and social media making online brand protection processes faster, more clearly structured and more efficient.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

Ciena

Ciena

Ciena is a global leader in optical and routing systems, services, and automation software. We build the world’s most adaptive networks to address ever-increasing digital demands.

Scalefusion

Scalefusion

Scalefusion provides a comprehensive suite of products engineered to simplify endpoint, user, and access management for IT teams.