Shift in data protection laws to favour citizens
Thursday, 7th September 2017
The UK Government is in the midst of proposing a series of changes to UK data protection laws that would give citizens a great deal more control over what, where, how and for how long their data may be stored by companies.
The Data Protection Bill will transfer existing European Union law – the General Data Protection Regulation (GDPR) – into UK law, which will allow citizens to ask for personal data, or information posted when they were children, to be permanently removed.
The key points
Specifically, the proposal outlines the following key elements:
- make it simpler for people to withdraw consent for their personal data to be used
- let people ask for data to be deleted
- require firms to obtain "explicit" consent when they process sensitive personal data
- expand personal data to include IP addresses, DNA and small text files known as cookies
- let people get hold of the information organisations hold on them much more freely
- make re-identifying people from anonymised or pseudonymised data a criminal offence
The impact will extend far into the digital space, with specific implications across social media – soon, you will have the right to have posts on social media about yourself removed.
These new proposals extend the ‘right to be forgotten’ laws that already apply to search engines to a far wider range of companies, giving far greater protection to citizens.
What happens if companies break the law?
Companies that breach the new rules will be liable for hefty fines of up to £17m or 4% of global turnover.
The UK’s Information Commissioner will have greater power to investigate and police the new regime.
Considerations for SMEs
There are fears that small businesses in particular may be unwittingly vulnerable to breaking the law.
Mike Cherry, national chairman of the Federation of Small Businesses, warns that SMEs are largely in the dark about what the proposed laws will mean, “They simply aren't aware of what they will need to do, which creates a real risk of companies inadvertently facing fines.”
For more on this subject, read the full article here
For advice on how to ensure your company is compliant with the latest Data Protection laws, contact Realnet.
Image courtesy of Google