The UK government has published a list of its planned derogations to GDPR. This follows responses to a “call for views” as part of its implementation process. All stakeholders with an interest in data protection were encouraged to share views on any and all derogations in the UK Data Protection Bill.
In a document entitled A New Data Protection Bill: Our Planned Reforms. It sets out a Statement of Intent regarding the country specific changes the UK wishes to incorporate into the bill which will differ from GDPR.
What are derogations and what are they for?
Under Article 23, Member States can introduce exemptions from the GDPR’s transparency obligations and individual rights, but only where the measure respects the essence of the individual’s fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society. The measure must safeguard one of the following:
- national security;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences, the execution of criminal penalties or breaches of ethics in regulated professions;
- other important public interests, in particular economic or financial interests (e.g. budgetary and taxation matters, public health and security);
- the protection of judicial independence and proceedings;
- monitoring, inspection or regulatory functions connected to the exercise of official authority regarding security, defence, other important public interests or crime/ethics prevention;
- the protection of the individual, or the rights and freedoms of others; or
- the enforcement of civil law matters.
Overview of derogations
The Department for Digital Culture, Media and Sport (DCMS) has also published an overview document which lists the areas in which the UK is looking for derogations.
Minister Matt Hancock says in the statement. “Bringing EU law into our domestic law will ensure that we help to prepare the UK for the future after we have left the EU. The EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) have been developed to allow people to be sure they are in control of their personal information while continuing to allow businesses to develop innovative digital services without the chilling effect of over-regulation. Implementation will be done in a way that as far as possible preserves the concepts of the Data Protection Act to ensure that the transition for all is as smooth as possible, while complying with the GDPR and DPLED in full.“