EU proposals to revise data protection rules
On 27 April 2016, new laws on data protection, which will set out new European rules on privacy in the digital age were published. They must be applied across the EU by 25 May 2018. Click for the full text. Our office worked substantially to influence these new rules to ensure the best possible outcome for the NHS.
As the UK will still be a member of the EU at this point in time, the Government has confirmed we will be implementing this piece of legislation to schedule.
The Information Governance Alliance has published a briefing note highlighting the actions that health organisations and arms’ length bodies need to consider to prepare for the EU General Data Protection Regulation (GDPR).
See also our blog which talks about data privacy laws post Brexit.
UK Government publishes "Statement of Intent" for new data protection bill
The UK Government has published a "Statement of Intent" (Aug 2017) unveiling its plans for a new data protection bill to implement in full the EU General Data Protection Regulation.
The document proposes that bringing EU law into domestic law will ensure that the UK is prepared for the future after it has left the EU.
"The EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) have been developed to allow people to be sure they are in control of their personal information, while continuing to allow businesses to develop innovative digital services without the chilling effect of over-regulation. Implementation will be done in a way that as far as possible preserves the concepts of the Data Protection Act, to ensure that the transition for all is as smooth as possible, while complying with the GDPR and DPLED in full.”
Exchange of data post-Brexit
Further to the Statement of Intent, on 24 August the UK government published a future partnership paper on the exchange and protection of personal data with the EU after the UK has left the European Union.
The paper outlines the importance of sharing data between the UK and the EU, saying that the free flow of data is a crucial aspect of the data economy.
The Government paper highlights the mutual benefits of the UK remaining aligned with the EU's data protection framework and affirms that "the UK’s data protection law will fully implement the most up-to-date EU framework, and this will remain the case at the point of the UK’s withdrawal from the EU. On this basis, ........ it would be in the interest of both the UK and EU to agree ....... to mutually recognise each other’s data protection frameworks as a basis for the continued free flows of data between the EU (and other EU adequate countries) and UK from the point of exit until such time as new and more permanent arrangements come into force"
UK Government Consultation on implementing new EU Regulation
The NHS European Office contributed to two joint responses on behalf of the NHS and medical research community to the ‘call for views’ consultation published earlier this year (2017) by the Government on the implementation of the new EU Regulation on data protection.
Our office has produced a briefing with the European Hospital and Healthcare Federation (HOPE) to prepare commissioners, hospitals and other health and care providers for the main changes that can be expected. Download your copy. Read also our blog on what the changes mean for NHS organisations and download our presentation on the impact of the General Data Protection Regulation on EU collaborative research from the May 2017 ISC seminar.
The NHS European Office is part of the working group producing guidance on implementation of the new rules for the NHS. See here for more information.
For further information, please contact Sarah Collen.