The Government has published its new Data Protection Bill, which will transpose the European Union’s General Data Protection Regulation (GDPR) into UK law, but has chosen to include exemptions that exist in the previous Data Protection Act.
The new legislation, called the Data Protection Bill, seeks to update existing data protection rules but exemptions in place for financial institutions, journalism and research institutions like museums and universities will be carried over, according to the Government.
This is to ensure that financial services firms that price risk or process data on suspicion of terrorist financing or money laundering are legally protected and that personal data used by journalists is protected “for freedom of expression and to expose wrongdoing”.
It will also exempt bodies responsible for cracking down on doping in sport from some GDPR rules, in order to catch drug cheats.
The proposal aims ‘to ensure that UK businesses and organisations can continue to support world leading research, financial services, journalism and legal services,’ the government said.
The Data Protection Bill will bring UK law in line with GDPR and both will come into force in just ight months, in May 2018.
Companies that breach GDPR rules can be fined up to four percent of global turnover or £17 million – whichever is higher.