UK Data Protection Act finalised
June 5, 2018 |
The implementation of the GDPR has been followed by the enactment of the new UK Data Protection Act 2018. The Act highlight the increasing sophistication of data protection laws in the UK/Europe sphere.
The Act contains provisions will which allow for continuation of the GDPR and also implements the EU Law Enforcement Directive, setting rules on the processing of personal data by law enforcement agencies and intelligence services.
Under the Act the UK’s Information Commissioner’s Office (ICO) will be able to:
- serve ‘assessment notices’ on businesses that would give them the right to enter business premises, access documents, equipment and other material, observe personal data processing and interview staff.
- produce new codes of practice in areas such as data sharing, direct marketing, and the processing of personal data by journalists, as well as in relation to age-appropriate design of websites, apps and other ‘information society services’ likely to be accessed by children.
The Act also introduces new data protection offences into UK law including:
- knowingly or recklessly obtaining or disclosing personal data without the consent of the data controller,
- procuring disclosure, or retaining the data obtained without consent.
- selling, or offering to sell, personal data knowingly or recklessly obtained or disclosed would also be an offence.
- taking steps, knowingly or recklessly, to re-identify information that has been “de-identified” although a public interest defence applies.