Data Protection vs. GDPR
The UK Government today announced new measures to strengthen UK Data Protection Laws.
Releasing a statement of intent, Minister of State for Digital Matt Hancock commented, “The new Data Protection Bill…will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”
Many of us know that the EU General Data Protection Regulation (GDPR) will be coming into force in May 2018. So how do these two new pieces of legislation fit together?
The GDPR and UK Data Protection Bill
Essentially, we understand that the reason behind today’s proposed new Data Protection Bill is to introduce the principles of the GDPR into UK law smoothly.
“The Bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit.” – Gov.uk
The new Data Protection Bill appears to include all the principles of the GDPR. Core points include:
- Expanding the definition of Personal Data to include ‘online identifiers’, such as cookies and IP addresses
- Widening individuals’ rights to access and request changes to their data
- Allowing people to ask for their data to be erased
What’s next for in-house recruiters?
It looks as though organisations should continue to prepare for GDPR compliance, as all principles will be woven into UK Data Protection laws by May 2018.
There are many steps on the path to GDPR and Data Protection compliance, and in-house recruitment teams should begin preparing for these now.
To get started, a data-mapping exercise is an essential first step to understand the flow of information in your organisation. This will help you document how data enters and leaves your organisation, how you process and store it, and whether you have an appropriate legal basis to do so.
As both a data processor and data controller, we will be posting about the GDPR and Data Protection Bill over the next few months to help keep in-house recruitment teams updated.
There’s a lot to take in, and a lot for organisations to do, but with heavy sanctions for those who aren’t GDPR compliant, we would urge organisations to start reviewing their processes and seek legal advice as soon as possible.
Please note: This is our interpretation of today’s announcement, and should not be taken as legal advice. Always consult a suitably qualified lawyer for advice and guidance.
Find out more
How will GDPR impact in-house recruitment teams? Here’s what we know so far…
Do you know the 6 core principles of the GDPR? Our new infographic could help
For more information about today’s announcement, visit the Gov.uk website