Government moves forward with Data Protection Bill

The Government has outlined its plans for a new Data Protection Bill, bringing into UK law the requirements of the European Union’s General Data Protection Regulation (GDPR). 

In a Statement of Intent emphasising its commitment to strengthening UK data protection law, the Government said the new Bill would include tougher rules on consent, rights to access, rights to move and rights to delete data.

In particular, the Data Protection Bill will:
  • make it simpler to withdraw consent for the use of personal data;
  • allow people to ask for their personal data held by companies to be erased;
  • enable parents and guardians to give consent for their child’s data to be used;
  • require ‘explicit’ consent to be necessary for processing sensitive personal data;
  • expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA;
  • update and strengthen data protection law to reflect the changing nature and scope of the digital economy;
  • make it easier and free for individuals to require an organisation to disclose the personal data it holds on them; 
  • make it easier for customers to move data between service providers.
New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data. The Information Commissioner’s Office will also be able to issue higher fines – of up to £17 million or 4% of global turnover for serious data protection breaches.

Matt Hancock, Minister of State for Digital, said: “The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”

The Government said the Data Protection Bill must be consistent with the GDPR and other relevant international instruments to help ensure the safe flow of data between the UK and key markets, such as the US and EU. The Bill will apply the new data protection standards to all general data, not just areas of EU competence. It will replace the Data Protection Act 1998.

Please get in touch if you would like a free introductory call or follow-up meeting to find out more about our GDPR healthcheck or how our expert Technology Regulation team can support you.

Leave a comment

 Security code

Mark L

Im impressed, I should say. Pretty rarely do I come across a blog thats each informative and entertaining, and let me let you know, youve hit the nail on the head. Your blog is significant; the problem is some thing that not sufficient men and women are talking intelligently about. Im seriously happy that I stumbled across this in my search for one thing relating to this issue.

Shaun Parker

I would like to discuss our potential requirements to comply with GDPR and any services you offer to help assist in doing this.