One long year

I am documenting my CPD’s and reviewing the contents of my LinkedIn blog and came across this, “The GDPR will become British law”, published last year where I predicted that the GDPR would be grandfathered into British Law via the proposed “Great Repeal Bill”.

What a difference a year and a general election makes.

I did not predict that since the GDPR has member state derogations and that the Government would bring a Data Protection Bill to Parliament. The fact they’ve lost their majority and are now frightened of loosing votes in Parliament is another motivation for sticking a big complex bill into the time table; iit burns time and one would hope that it can be uncontroversial so there’s no chance of loosing a vote, and even if they do, who cares, apart from people like me.

This could of course be a complete waste of time as it’s the courts which will decide what the law means and if we should leave then the issues raised here … will apply.

One long year

On the GDPR

The week before last, I attended the BCS legal day and have finally published my notes on what is now my essay blog. The priority was the coming General Data Protection Regulation. I prefer to write in a style recognising those who have informed me or changed my mind but the notes have been anonymised as I believe that the day was held under Chatham House rules,  The running order has been changed to make the story better and to conform to my preferred priority order, of principles, rights, obligations and enforcement.  The day consisted of two presentations, entitled “Key Issues”, “the Data Protection Officer” and one on trends in enforcement.

On the GDPR

Pragmatism

Are the ICO waking up, this seems a bit rough, … as it fines Flybe and Honda. There are two stories here, two large firms wanted to confirm that they had consents and so wrote to their list to ask if the consents remain in place …. they have been fined; the ICO considered this to be an un-consented bulk email. I wonder if it’s possible to perform this check legally.

Pragmatism

Restrictions

Just looking at my notes from the BCS Legal Day and while some are still hanging on for Brexit saving them from the GDPR, which it won’t, it becomes necessary to understand the wiggle room left by the GDPR.

Firstly, there is the competency limitations of Union itself, it cannot legislate for national & public security nor for the criminal justice system, these exclusions are stated in Article 23 Restrictions and also include (or exclude if that’s how you see it), the management of professions and the pursuit of civil justice. The Restrictions clause does however require the member state to act proportionately and respect the Charter of Fundamental Rights. In addition, there is room for national, member state, variances on the protection of employee data and the definition of public sector, impacting the need for a DPO.

Restrictions