It’s the moment we’ve all been waiting for… The government has now published the Data Protection Bill, which is intended primarily to enshrine the equivalent EU law. This nascent legislation, which confirms the powers of the ICO, covers:
- EU regulation 2016/679 (the General Data Protection Regulation), which comes into force in the EU on 25 May 2018
- EU directive 2016/680 (the Law Enforcement Directive), which comes into force in the EU on 6 May 2018
The GDPR runs to 88 pages and the LED 43, so perhaps it’s no great surprise that the Data Protection Bill weighs in at a hefty 218 pages. (Wide margins, so that’s something.) It’s going to take a while to wade through, but what we can say immediately is that it’s every bit as bad as we feared. Certainly the €20m/4% fines have survived the translation into Britlaw.
Unlike GDPR, the DPB has a contents page, which is great. It’ll be that bit easier to look up how much trouble we’re in.
Expect the Bill to come into force largely unchanged, probably by next May and definitely before Brexit.