United Kingdom: Privacy and Data Protection-related Laws

Europe’s General Data Protection Regulation (GDPR) will bring outdated personal data laws across the EU up to date. Its enforcement will alter how businesses and organizations can handle their customer information. It also boosts the rights of individuals to give them more control over their data. An official overview of the rules covered by GDPR can be found here.

Among other requirements, GDPR mandates that businesses operate by the principles of “data protection by design” and “data protection by default,” which build data privacy into the design of the business itself. For some entrepreneurs, a potential issue with GDPR may involve an individual’s “right to be forgotten,” which requires data custodians to be able to delete a particular user’s personal information from their database at a later date. This might not be possible on an immutable blockchain system.

The UK is currently in the process of implementing a new Data Protection Act, which will largely include all of the provisions of the GDPR. Currently, the Data Protection Act of 1998 sets out how personal information can be used by companies, the government, and other organizations. The Data Protection Act of 2018 includes the following differences from GDPR:

  • Deals with processing that does not fall within EU law, for example, where it relates to immigration (applies GDPR standards but amends them to adjust those that would not work in a UK context)
  • Transposes the EU Data Protection Directive 2016/680 into domestic UK law
    • Sets out requirements for the processing of personal data for law enforcement purposes
  • Includes provisions related to national security

