UK legislation will resemble EU’s GDPR

In a speech to the House of Lords’ EU Home Affairs Sub-Committee, digital minister Matt Hancock has confirmed that the UK will replace the 1988 Data Protection Act with legislation that mirrors the European Union’s (EU’s) General Data Protection Regulation (GDPR).

Answering questions on how UK data protection will look after Brexit, Hancock said that the way to ensure the UK is able to negotiate an uninterrupted flow of data with the EU is to put GDPR into UK law.

“In a sense, we are matching them rather than asking them to match anything new from the UK,” he said.

Hancock repeatedly emphasised that unhindered data flows between the UK and EU – including law enforcement and medical research data – is a key goal that the UK government will pursue in the Brexit negotiation process.

“The reason there are so many questions around data protection is that the EU is moving its own domestic law at the same time as we will be going through the Article 50 process. We have got to make sure that we look at the whole [of the data protection and privacy changes taking place],” he said.

Hancock noted that GDPR introduces obligations for data controllers and processors in several areas, that it strengthens the rules for obtaining consent and for breach notification, and that it emphasises self-assessment in the management of data, Computer Weekly reports.

Hancock said his department was “fully resourced” to deliver GDPR compliance inside government, and that outside government, GDPR compliance would bring some requirements on companies – a good thing considering the increasing importance of data in business activities.

A recent survey commissioned by Netskope however, has revealed that 62% of working British adults have never heard of EU GDPR and that over 70% have yet to be informed of the regulation by their employers. The survey, which gathered insights from 2,000 British adults highlights ongoing industry issues regarding the understanding and availability of information regarding GDPR.