About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Brexit and the UK Data Protection Bill: How does it impact you?

Subscribe to our newsletter

By Dennis Slattery, CEO at EDMworks

On September 13, the UK government introduced in Parliament the Data Protection Bill. Its purpose is to implement a comprehensive data privacy framework for the UK in the post-Brexit environment. The scope of the bill covers:

  • Implementing the General Data Protection Regulation (GDPR) into UK law
  • Implementing the EU Law Enforcement Directive (LED), which member states have until May 6, 2018 to transpose into national law
  • Adopting the standards on processing of personal data carried out by the intelligence services.

The bill is meant to function as a bridge between the existing UK approach to data protection under the 1998 Data Protection Act and the new framework created by the GDPR and the LED. In essence, the bill reinforces the UK’s position on data protection by replicating many of the provisions and safeguards contained in the 1998 Act.

These include processing of sensitive data around criminal convictions, automated decision-making safeguards and exemptions for processing under certain types of circumstances, for example, crime and taxation purposes, research, historical or statistical purposes. The age of a child for UK consent purposes is set at 13, as against 16 in the GDPR.

New criminal offences

The existing offence of unlawfully obtaining personal data is retained with the penalty of unlimited fines. Two new offences are created: (1) re-identification of personal data which is contained in an anonymised dataset; and (2) alteration of personal data to prevent disclosure in response to a data subject access request.

Watch out for the Brexit negotiations!

Transferring data across the EU boundary is tricky. The EU Commission controls a list of ‘3rd’ countries it deems as having ‘adequate levels’ of data protection. Only a few countries are listed: Andorra, Argentina, Canada (commercial organisations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay. To transmit data to an entity in another country involves additional legal mechanisms such as the EU/US ‘Privacy Shield’ agreed between the US Department of Commerce and the EU Commission.

In simple terms, EU privacy law puts human rights at the core of data protection, while the US prioritises ‘national security’ ahead of personal privacy. ‘Privacy Shield’ tries to resolve this by providing a legal framework, but it is subject to constant (and successful) legal challenge, which generates uncertainty for everyone involved.

Arguably, the UK position on privacy lies somewhere between the EU and US positions. The status of post-Brexit cross border flows is one of the key items in the EU/UK Brexit negotiations. The outcome will determine whether the UK has 3rd country status, some ‘special’ status or no status at all.

Watch this space. This UK bill may not be the end of the story.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Trade the Middle East & North Africa: Connectivity, Data Systems & Processes

In Partnership With Date: 20 May 2024 Time: 11am London / 1pm Egypt & Saudi Arabia / 2pm United Arab Emirates / 6am CET Duration: 50 minutes As key states across the region seek alternatives to the fossil fuel industries that have driven their economies for decades, pioneering financial centres are emerging in Egypt, United...

BLOG

Xceptor and Delta Capita Unite to Streamline T+1 Settlement

Data automation platform provider Xceptor has announced a partnership with Delta Capita, a global provider of managed services, technology solutions, and consulting to the financial services industry, aimed at helping financial institutions prepare for the T+1 settlement deadline of 28th May 2024. The partnership, which will leverage Xceptor’s data automation platform and Delta Capita’s expertise,...

EVENT

TradingTech Briefing New York

Our TradingTech Briefing in New York is aimed at senior-level decision makers in trading technology, electronic execution, trading architecture and offers a day packed with insight from practitioners and from innovative suppliers happy to share their experiences in dealing with the enterprise challenges facing our marketplace.

GUIDE

Regulatory Data Handbook 2023 – Eleventh Edition

Welcome to the eleventh edition of A-Team Group’s Regulatory Data Handbook, a popular publication that covers new regulations in capital markets, tracks regulatory change, and provides advice on the data, data management and implementation requirements of more than 30 regulations across UK, European, US and Asia-Pacific capital markets. This edition of the handbook includes new...