The Government has today outlined its intention for a new Data Protection Bill, to be published in September 2017, which will bring the EU’s General Data Protection Regulation (GDPR) into UK law.
Data Protection Bill 2017
Individuals will have among other things, a new right to be forgotten and ask for their personal data to be erased.
Businesses will be supported to ensure they are able to manage and secure data properly. The Information Commissioner will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4% of global turnover, in cases of the most serious data breaches.
Matt Hancock, minister for digital, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
The Department for Digital, Culture, Media and Sport said that the Bill would:
- Make it simpler to withdraw consent for the use of personal data;
- Allow people to ask for their personal data held by companies to be erased;
- Enable parents and guardians to give consent for their child’s data to be used;
- Require ‘explicit’ consent to be necessary for processing sensitive personal data;
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA;
- Strengthen the law to reflect the changing nature and scope of the digital economy;
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them;
- Make it easier for customers to move data between service providers.
The Government added that a new criminal offence will be created to deter organisations from either intentionally or recklessly allowing someone to be identified from the use of anonymised data.