People to have more control over their personal data and be better protected in the digital age under new measures announced by Digital Minister Matt Hancock.
The Government has committed to updating and strengthening data protection laws through a new Data Protection Bill which will:
- Make it simpler to withdraw consent for the use of personal data
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Require ‘explicit’ consent to be necessary for processing sensitive personal data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Make it easier for customers to move data between service providers
New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.
Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches.
The intention of the Data Protection Bill is to implement the GDPR in full, put the UK in a strong position to secure unhindered data flows once it has left the EU, and give businesses the clarity they need about their new obligations.
The GDPR will apply fully from 25th May 2018. If you would like to know the steps to take to comply with the new rules please register for our series of email guides here.