
Post Brexit – Data Protection Bill

How the Data Protection Bill will replace GDPR following Brexit
What About Brexit?

GDPR is a Regulation, not a Directive, and will therefore apply to all EU member states. The referendum result means that the UK will no longer be an EU member state in the near future. However, GDPR will come into force on 25th May 2018, before the UK’s Brexit matters are concluded, and since it applies to companies that deal with the data of EU citizens, it (or at least the UK’s own Data Protection Bill) will apply after Brexit.

UK Information Commissioner Elizabeth Denham has said that she supports the UK adopting the EU regulation even post-Brexit because, if the UK is to continue doing business with Europe, British businesses will need to share information about and provide services for EU customers.

The UK’s Equivalent of GDPR – The Data Protection Bill

With this in mind, the UK is bringing in its own Data Protection Bill, which was announced in the Queen’s speech in June 2017, and was introduced to the House of Lords on 13 September 2017. This will allow UK businesses to continue doing business with the EU post-Brexit. GDPR will become law in the UK in May 2018, but the Data Protection Bill (DPB) will enable UK businesses to make the transition after March 2019, the current tentative date for the UK leaving the EU (Brexit).

This new UK DPB will replace the Data Protection Act 1998, and will essentially transfer the EU’s GDPR into UK law. The Bill covers many exemptions, restrictions, and clarifications relating to GDPR. Crucially, the DPB will mean that:

It will be easier for people to see / obtain the data that organisations hold about them, and to withdraw consent for the use of their data

People can ask for their data to be erased / forgotten

Companies will need to ask for explicit consent to process personal data

More things will be included under the term ‘personal data’ e.g. IP addresses, DNA and even cookies (text files loaded onto computers during website visits)

Re-identifying people from sources such as anonymous or pseudonymised data will be a criminal offence

DPB Extra Powers – ‘Assessment Notices’

The DPB will give UK regulators extra assessment powers that are not currently available unless they relate to a government agency. For example, new ‘Assessment Notices’ will give the Information Commissioner’s Office (ICO) the power to enter the premises of any organisation and to audit its data security compliance, e.g. by examining documents, equipment and the processing of data.

If the audit finds that an organisation is not DPB compliant, enforcement notices and a schedule for correction can be put in place. Fines at the same level as GDPR can also be issued, e.g. 4% of an organisation’s worldwide revenue.

Just as GDPR compliance sounds challenging to businesses / organisations that are not prepared, it could represent an even bigger challenge to businesses (UK companies and UK-based multinationals) / organisations that have neglected the enormous amounts of data held in file systems. For them, the DPB will doubtless come as a shock.


Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.
