The UK's new Data Protection Bill, published today, contains exemptions carried over from the existing Data Protection Act, the government has revealed.
The Bill will transpose the European Union's General Data Protection Regulation (GDPR) into UK law, post-Brexit. The measure is necessary as the GDPR is a centralised Regulation that therefore won't apply to the UK when it formally leaves the EU.
In order to ensure a smooth switch, therefore, the UK needs equivilant legislation in place before Brexit. A directive, in contrast, requires legislation to be passed in member states' legislatures.
Existing exemptions that ‘have worked well' in the Data Protection Act - which will be replaced by the new Bill - will carry over to the new law, the government has said in a proposal. These professions include journalism, financial services and research institutions.
The intent behind the proposal is ‘to ensure that UK businesses and organisations can continue to support world leading research, financial services, journalism and legal services,' the government said in its latest update.
Workers in several key fields who need to handle sensitive personal data without the owner's consent would be protected by the exemptions, including:
- Anti-doping agencies in sports, trying to catch drug cheats;
- Journalists who must access personal data ‘for freedom of expression and to expose wrongdoing';
- Research institutions, such as museums and universities;
- Financial services firms that price risk or process data on suspicion of terrorist financing or money laundering; and,
- Employees who access data with a justifiable reason but without consent, to fulfil obligations of employment law.
Enacting GDPR equivalency
The Data Protection Bill is intended to bring UK law in line with the General Data Protection Regulation. Both come into effect in May 2018, with the intent of giving consumers more control over their personal data and punishing companies that mishandle it; the maximum fine for a breach is four per cent of global turnover, or £17m (whichever is higher). Under current law, the maximum fine is just £500,000, with a 20 per cent discount for early payment.
Greg Day, vice president and chief security officer EMEA at Palo Alto Networks, told Computing: "The publishing of the Data Protection Bill today gives the country's business and cybersecurity leadership the clear certainty and direction on data security they've been seeking.
"How the government is implementing GDPR so thoroughly, as well as taking this opportunity to adjust domestic law to ensure clarity of roles and responsibilities for all, shows a real determination to make the UK a true leader in how organisations preserve digital trust and citizens take control about how their personal data is used.
"We look forward to this bill passing through Parliament, and how its measures, once enacted, underpin how the UK continues to build a safe, strong and dynamic digital economy."
The most luminous galaxy ever discovered is cannibalising at least three of its smaller neighbours, study finds
The galaxy radiates at 350 trillion times the luminosity of the Sun
Researchers modify genetic code of cancer-killing virus so it can target cells that protect cancer from immune system
Changing the genetic coding causes the infected cancer cells to produce a protein that kills the fibroblast cells that protect cancer
The findings can help improve the current understanding of brain development disorders, such as epilepsy or autism
Dubbed HD186302, the solar twin is located about 184 light-years from Earth