|File Size||232.55 KB|
Data Protection law is changing
The UK government has recently announced a new Data Protection Bill in the 2017 Queen's Speech. The government will introduce the bill in addition to the GDPR - the EU General Data Protection Regulation. The Regulation will come into force on 25th May 2018.
The new Data Protection Bill will reflect most of the provisions set out in the GDPR. But, the bill will also introduce some important derogations away from the GDPR.
For example, under the GDPR, public authorities must appoint a qualified data protection officer. Under the new Data Protection bill, the UK government has signalled that it will take the definition of 'public authorities' from the Freedom of Information Act (FOIA).
Are GPs, schools and colleges 'public authorities'?
Experts are now raising concerns that medical practices and schools may need to appoint qualified data protection officers under the Data Protection Bill. The question is whether the government now defines General Practitioners, schools and colleges as 'public authorities' and so must appoint a data protection officer too.
The FOIA only covers public authorities. Schedule 1 of the Act contains a list of the bodies that are classed as public authorities in this context. Some of these bodies are listed by name, such as the Health and Safety Executive or the National Gallery. Others are listed by type, for example government departments, parish councils, or maintained schools. Executive agencies are classed as part of their parent government department; for example, the DVLA is covered by the Act because it is part of the Department for Transport. However, arm’s-length bodies are not considered part of the department sponsoring them, and they are listed individually in Part VI of Schedule 1.
Section 5 of the FOIA gives the Secretary of State the power to designate further bodies as public authorities. If in doubt, you can check the latest position at www.legislation.gov.uk.
Certain bodies are only covered for some of the information they hold, for example:
- GPs, dentists and other health practitioners only have to provide information about their NHS work;
- the BBC, Channel 4 and the Welsh channel S4C (the public service broadcasters) do not have to provide information about journalistic, literary or artistic activities; and
- some bodies that have judicial functions do not have to provide information about these functions.