<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

The UK Data Protection Bill 2017 vs. The GDPR

Topics: Data Protection, Regulation, GDPR, General Data Protection Regulation, Data Protection Bill, Privacy

Posted: 17 August 2017

UK Data Protection Bill 2017 GDPR Red Tape

It's almost six months until the implementation date of the European GDPR (General Data Protection Regulation) and the UK begins its journey toward the club's exit door. The release of the DPB (Data Protection Bill 2017) has confirmed the UK's position on how it plans to remain tied, yet distinct from its European neighbours.

The Lure of the Continent

Despite political ties being severed, the UKs geographical position will forever remain unchanged and with it, a large market at its doorstep. For fear of being deemed an extra-territorial location with insufficient data privacy laws affecting over 40% of its trade and cross-border data sharing capabilities. The UK has instead opted to enact the principles of the GDPR into national law in the form of the DPB, ensuring its position whatever may come from the Brexit negotiations.

How Does it Differ?

For those who have prepared and studied the incoming European regulation, very little has changed other than the name by which it is known. Data subjects will retain the same rights and data controllers will still incur the same obligations and of course, those headline-grabbing administrative penalties still apply. However, possibly in an attempt to become the "Switzerland of data privacy", the UK has included some additional penalties in the event of:

  • - Re-animating the Anonymous - Under the GDPR personal data is afforded protective controls which would render it anonymous by using methods such as pseudonymisation. Any attempt to de-anonymise or stitch personal data back together to reveal an identity will become a criminal offence.
  • - Manipulating Personal Data - Subject access requests are a key data subject right, enabling data subjects to request access to all held personal data records from a data controller. If the returned personal data has been found to have been tampered with or modified in anyway, then this again can result in a criminal offence.

In both cases, the accused can be pursued through a criminal court which will undoubtedly damage the represented brand, however this will be less worrying than the fact that convictions can be accompanied by an unlimited value administrative penalty. That's right... for those who viewed the GDPR's administrative penalties as unwarranted and eye-watering, there is a new extremity in town.

Here Comes 2018

Come May 2018, the UK's DPB will have made its way successfully through both chambers of parliament, keeping the UK aligned with the continent and affecting those that use personal data as has been expected. Once the UK negotiates its exit from the European Union, it is hoped that the DPB will ensure a frictionless transfer from GDPR to approved third country. Yet, there remain questions about the likelihood of the EU approving the UK approved third country status given the mass surveillance powers granted to authorities via the Investigatory Powers Act 2016.

Despite many of the details still to be ironed out, the intention is still there. Brexit will have no effect on the UK either joining or equalling the GDPR. If denial still exists, it must now be extinguished because not only is it foolhardy in the face of a wave of inevitable change but because it is now possible to land yourself with both a criminal conviction and limitless value fine. The DPB is the GDPR, it is just wearing a Union Jack coat.

Data Protection CCTV GDPR for Life

Infinigate UK
Posted by: Infinigate UK
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts