The Secretary of State for Culture, Media and Sport, Karen Bradley MP, confirmed to the Culture, Media and Sport Select Committee on Monday 24 October that the EU General Data Protection Regulation (GDPR) will apply in the UK.
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public,” she said.
The Information Commissioner, Elizabeth Denham, commented: “I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years.”
In a discussion with the ICO earlier this week, it is still uncertain how some of the new changes will affect schools in terms of children’s data and the additional requirements that may be placed on schools around that other than what is laid out in Article 8 Conditions applicable to child’s consent in relation to information society services and Article 9 Processing of special categories of personal data. However, we must remember that the rest of the regulation will still apply to them and the adults whose data we gather and use in various ways including staff and parents.
I will update followers of our blog as I find out more, in particular around the potential need for a Data Protection Officer due to the nature of the data we handle and any additional policies and procedures that may be required. Now is the time to start thinking about this and not March 2018!