A new Data Protection Bill is due to be published in September 2017, bringing the EU’s General Data Protection Regulation (GDPR) into UK law.
Under GDPR, individuals will be awarded a new right to request that their personal data is completely erased. UK law will extend this right by requiring social media providers to delete all of a personal’s posts from before they were under 18, if requested.
Support will be provided to businesses to make sure they are in a position to manage and secure their data correctly. The Information Commissioner will also be given greater powers to defend consumer interests and will be able to levy increased fines of up to £17 million, or 4 per cent of global turnover for the most serious data related breaches.
Changes in Favour of the Consumer
The new Data Protection Bill will allow people to enjoy more control over their data. They will get a greater say in what it is used for as it will be easier to withdraw consent for its use. Parents and guardians will be responsible for giving consent for their children’s data to be used, and ‘explicit’ consent will be necessary in order to process sensitive personal data. This means opting in rather than opting out, which should lead to consumers receiving less cold calls.
Furthermore, the definition of ‘personal data’ will be expanded to cover DNA, IP addresses and internet cookies. The Bill will make it easier and free for individuals to require an organisation to disclose any personal data held on them, and it will be more straightforward for customers to migrate their data from one service provider to another.
Strengthening the Law to Reflect Today’s Digital Economy
Many of the changes being introduced are based around the aim of strengthening the law to reflect today’s digital economy. With the introduction of the Bill, it will be a criminal offence for an organisation to recklessly or intentionally allow someone to be identified from the use of data that has been anonymised, in other words, data that has been adjusted in such a way that the holder should not be able to be identified. In addition, criminal charges could be faced by organisations found tampering with data that an individual has requested.
Some of these new requirements may lead to challenges for businesses, particularly those that do not have their data stored digitally, making it more difficult to sort it. Many experts have warned that numerous businesses are by no means prepared for the new rules.
The extent of the new legislation is also presently unclear. There is talk of some exemptions depending on the type of data in question, but nothing has yet been confirmed.
As soon as more details come to light, we will share them. Follow us on Twitter and check back to this news feed to stay up to date.