The British Government has recently published the Data Protection Bill, devised to bring UK data protection up to date. The Bill will give UK citizens more control over their personal data and allow stricter penalties to be imposed on the groups that violate the law.
This Bill is being introduced as part of the National Cyber Security Strategy and incorporates the European Union data protection regulations, GDPR, that come into force in May 2018.
Fines of up to €20 million or 4% of total global annual revenue may be imposed under GDPR, and this is included in the UK Data Protection Bill. It will not be affected by Brexit, as GDPR will already be integrated into law by the EU withdrawal bill. Because of this, UK businesses must comply with GDPR when working with personal data.
In addition to including the provisions of GDPR, the Bill also affects how law enforcement and national security agencies handle private personal data. There will also be changes to how employers must process sensitive personal data such as sexual orientation, religious beliefs, union membership, political opinion, health data and data relating to ethnic origin.
As with GDPR, the new UK Bill obligates those handling personal data to receive stated permission prior to processing sensitive personal data. Employers processing personal data will be required to comply with the Bill and implement rights in employment law if a policy document satisfies additional requirements. This will also be the case with processing criminal conviction data.
When processing the following, employers must not reveal information to employees:
- Subject access requests for categories of information such as that covered by legal professional privilege
- Information management planning
- Information relating to the employer’s intentions during negotiations with the employee
- Confidential references given but not those received
The new UK Bill incorporates EU GDPR and was devised to guarantee the privacy of United Kingdom citizens.