Our friends at Cordery Compliance have just issued the latest in their series of videos on the upcoming GDPR and the UK's Data Protection Bill 2017, and it is well worth the watch.
This installment focuses primarily on the UK's Data Protection Bill 2017. Solidified in September, the Data Protection Bill is meant to accomplish three major goals: update the existing Data Protection Act of 1998 to align it with the realities of today's information economy, establish GDPR-consistent regulation for UK businesses in light of Brexit, and modify the GDPR clauses to align with existing UK data protection principles. Compliance will be required by May 2018 so as to align with the effective date of the GDPR.
The bill establishes fines on data controllers and processors of up to £17 million or 4% of annual turnover for the most serious breaches, so UK firms would be well advised to prepare themselves.
Key takeaways from the video: the child data protection clause establishes the minimum age for legally accepting data privacy clauses as 13, the ICO (Information Commissioner's Office) will be the sole authority to certify compliance, and the ICO has the authority to require a DPIA (Data Protection Impact Assessment) of firms applying for compliance certification.
The DPIA is a requirement of both the GDPR and the UK Data Protection Bill 2017. Ipswitch and Cordery have collaborated to provide a DPIA kit for file transfer.