What Does The UK’s Data Protection Bill Mean For Business?

The UK recently published the final version of a law to replace its current data security and privacy rules.

The Data Protection Bill (DPB) will allow UK businesses to continue doing business with the EU post-Brexit. The DPB should provide a relatively easy transition for businesses gearing up for the forthcoming EU legislation.

In May 2018, the GDPR will become the data security and privacy law in the EU. UK organisations have been preparing to meet these new rules, including the right to erasure, 72-hour breach notification, and stricter record keeping requirements.

The DPB should, in theory, provide an easy transition for UK businesses after March 2019, the tentative date for the UK leaving the EU. Why? Because the DPB is effectively the General Data Protection Regulation, it’s referenced directly in the law.

Complexities

However, it’s worth noting that the DPB is not a simple piece of legislation.

A large segment of the bill is devoted to exemptions, restrictions, and clarifications that supplement the language in GDPR.

The core of the bill is found in Part 2, wherein these various tweaks are laid out including; for personal data related to health, scientific research, criminal investigations, employee safety, and public interest. The actual fine print is buried at the end of the DPB in a long section of “schedules”.

For example, GDPR legislation related to the right to erasure, data rectification, and objection to processing, doesn’t apply to investigations into financial mismanagement or public servants misusing their office. In effect, the targets of an investigation lose control of their data.

While the goal of Brexit may have been to escape EU regulations, the Data Protection Bill essentially keeps the rules in place.

Differentiations

There are also a few surprises in the new UK law.

The DPB grants regulators at the UK’s Information Commissioner’s Office (ICO) new investigative powers through “assessment notices”. These notices allow the ICO staff to enter the premises of an organisation, examine documents and equipment, and observe processing of personal data. Effectively, UK regulators will have the ability to audit an organisation’s data security compliance.

Under the existing UK data law, the ICO can only order these non-voluntary assessments against government agencies, such as the NHS. The DBP expands mandatory data security auditing to the private sector.

If the ICO decides the organisation is not meeting DPD compliance, these audits can lead to enforcement notices that point out the security shortcomings along with a schedule of when they should be corrected.

The ICO also has the power to issue fines of up 4% of an organisation’s worldwide revenue. This is the same level of monetary penalties as in the original GDPR.

For UK companies (and UK-based multinationals) that already have security controls and procedures in place, the DPB’s rules should not be a difficult threshold to meet. However, for companies that have neglected basic data governance practices, particularly for the enormous amounts of data held in file systems, the DPD will come as a surprise.

Information Age:

You Might Also Read:

A 9-Step Guide For GDPR Compliance:

UK Deal With EU On Post-Brexit Data Sharing:

GDPR - 10 Things You Must Know:

 

« Thomson Reuters Create A Knowledge Meta-Graph
Social Media & Crisis Management »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

TerraEagle

TerraEagle

Terraeagle is a boutique cyber security services company providing tailor-made solutions. Our core competency is in SOCaaS, MDRaaS & and Incident Response Retainer Services.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.

Syteca

Syteca

Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks.