FORGET ABOUT GDPR: LOOK AT THE INCOMING DATA PROTECTION BILL

  • Sara Degli Esposti

    Press/Media: Expert Comment

    Description

    Organisations have been rushing to comply with the General Data Protection Regulation (GDPR) ahead of the new requirements coming into force on Friday 25 May. With good reason too. Under GDPR, data protection supervisory authorities – amongst them the Information Commissioner’s Office (ICO) – can charge non-compliant corporations up to €2m or 4 per cent of worldwide annual revenue, whichever is higher, depending on the type and gravity of infringement.

    In October 2016, the ICO issued telecoms company TalkTalk with a £400k fine for a data breach affecting personal data of almost 157,000 customers. Bear in mind that under previous British privacy law (the 1998 Data Protection Act) the monetary penalty determined by the ICO for infringements could not exceed £500k. GDPR therefore introduces the possibility of much heavier fines for data breaches.

    But there is a piece of incoming legislation on data protection that is even more relevant than GDPR for British corporations – the Data Protection Bill. The Bill governs general data covered by the GDPR as well as covering all other general data, law enforcement data and national security data.

    Period: 16 May 2018

    Keywords

    • data protection
    • privacy law
    • UK business