The UK government have announced plans to overhaul privacy rules for data in a move that is intended to be a departure away from the GDPR set by the EU in May, 2018.
The implications for businesses, particularly those that have an online presence, could be significant, but it is still unknown, and could be some time, until the new rules are devised and put into force.
The intention behind the move away from the EU’s GDPR is to give business’s more freedom and support economic growth. Oliver Dowden, the digital, media and culture secretary say the UK wants to shape data laws based on “common sense, not box-ticking”.
What is GDPR?
The GDPR, or General Data Protection Regulation, was the replacement for the EU’s Data Protection Direction, which were the minimum standards for processing data within the EU. Intended to strengthen an individual’s rights to their personal data, held by companies, the GDPR has enabled regulators to hold companies who don’t comply to account, with substantial fines, in a uniform way across the EU.
Why didn’t we just abandon GDPR when we left the EU?
The UK would have been able to walk away from the GDPR when it left the EU on 1 January 2021, if the government hadn’t written it into UK law at the same time the GDPR came into force. The 2018 Data Protection Act was written to incorporate the exact terms of the GDPR so there would be no discrepancy between EU and UK law – as a result, the UK is still subject to the same terms as the GDPR, even after Brexit.
What are the new data protection laws going to mean for businesses?
No one yet knows what the new data protection rules will mean for businesses and individuals at this stage, but there are concerns that the level of protection for individuals’ data is sufficient, and that rules should not go too far in terms of prioritising freedom for businesses and risk major security breaches.
‘Adequacy agreements’ between countries are already in force, to ensure that levels of data protection are equivalent, prior to any agreement to allow data to travel back and forth. What this means, in practice, is that the UK will not be able to depart too far away, in reality, from the current data protection rules, or GDPR, we already have.
What next?
Wait and watch.
We will report back any further GDPR, and data protection, news in our Web Academy, and all Cultrix customers may rest assured that any implications of any data protection changes, requiring alterations to their website and CMS will be contacted well in advance.
Remember, at Cultrix, compliance is always our starting point.
< Read more articles on our IT Academy
Business services like IT support, when they work properly, are a true partner to business. Here’s what it’s like when your IT support is a true partner.
If it can happen to McAfee, UNICEF and eBay…
It’s a wake-up call for brands – the SubdoMailing attack sees 8000 household names’ domains hijacked and exploited. Here’s why and how to protect your brand.