With effect from 25th May 2018 the current European legislation relative to data protection will be superseded by the General Data Protection Regulation (GDPR). As the UK will not have completed BREXIT negotiations by this date, the GDPR will become operative within the UK as part of UK law.
Currently the UK’s Data Protection Bill 2017 is before parliament and under consideration prior to enactment. This Bill does not seek to incorporate GDPR but proceeds on the assumption that GDPR will become part of UK law on the 25th May 2018. The substance of GDPR will be adopted by the UK government and will remain in force until the UK leaves the EU under the provisions of the European Union (Withdrawal) Act 2018 if and when this is enacted. There is no doubt that if the UK wishes to continue trading with the EU after BREXIT then legislation comparable to GDPR will need to be in place.
GDPR brings with it new concepts and definitions which will present several new challenges for business. One such challenge being the requirement not only to record, but also, to report any security breach to the Information Commissioner’s Office and also to the affected individual(s).
We at Passport Proven are preparing for the new legislation to ensure compliance with the new legislation, and to protect our clients and their information. In recent months, we have reduced the amount of data that we hold by only keeping document check details for five days. In the future, it is likely to be that any personal data that we process on behalf of clients will be deleted from our systems even sooner and more detail will follow when we have finalised our considerations.
Going forward we will liaise with our clients so as to ensure proper processes are in place to ensure compliance.