Our Blog

New Data Protection Bill to launch next month

Tuesday, August 22nd, 2017

The Government has recently outlined its intention for a new Data Protection Bill, to be published in September 2017, which will bring the EU’s General Data Protection Regulation (GDPR) into UK law.

Data Protection Bill 2017

We will be issuing further instructions to our HR retainer clients but for how this is what you will need to be thinking of to start preparing for the General Data Protection Regulation (GDPR)

Individuals will have among other things, a new right to be forgotten and ask for their personal data to be erased.

Businesses will be supported to ensure they are able to manage and secure data properly. The Information Commissioner will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4% of global turnover, in cases of the most serious data breaches.

The Department for Digital, Culture, Media and Sport said that the Bill would:

  • Make it simpler to withdraw consent for the use of personal data;
  • Allow people to ask for their personal data held by companies to be erased;
  • Enable parents and guardians to give consent for their child’s data to be used;
  • Require ‘explicit’ consent to be necessary for processing sensitive personal data;
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA;
  • Strengthen the law to reflect the changing nature and scope of the digital economy;
  • Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them;
  • Make it easier for customers to move data between service providers.

The Government added that a new criminal offence will be created to deter organisations from either intentionally or recklessly allowing someone to be identified from the use of anonymised data.

The Information Commissioner’s Office (ICO) is consulting on draft guidance on consent under the General Data Protection Regulation (GDPR).

The General Data Protection Regulation (GDPR) will introduce significant changes to the data protection regime, along with increased penalties.

It is imperative that you understand these changes and ensure that you are compliant by the time the Bill become Law on the 25 May 2018.