Aug 8, 2017Industry insights,
UK data protection laws announced
In a bid to remove the confusion that still surrounds the European General Data Protection Regulation and transfer it into UK law, a new bill has been announced that proposes to completely overhaul our current UK data laws and should provide us with one of the most robust and dynamic set of laws in the world.
Britons will be able to have significantly more control over where and how their personal data is used. They will have what’s being called ‘the right to be forgotten’, and will set to improve consistencies with our data laws in time for the UK leaving Europe. What’s more, any breaches of this will incur heavy fines.
Personal data will extend beyond the obvious information such as personal details and photos, and will also include digital footprints such as cookies, and information that the everyday consumer wouldn’t automatically think about such as IP addresses. Both of these can be used as an advertising tool for behavioural retargeting, so it will be interesting to see if this has any noticeable effect on the way advertising is displayed online.
The key proposals in this bill are:
- Making it easier for people to withdraw their consent for personal data to be used: ‘the right to be forgotten’.
- Requires business to request the correct authorisation before processing their personal data
- Provides easier access for individuals to know what information is being held on them
It places the responsibility of data protection and the correct management of data firmly on the business. Failure to comply will almost certainly incur large fines.
As it stands the current maximum fine for breaking data protection legislation is £500,000. With the new bill in place, this is set to rise dramatically, and the fines for some of the most serious data breaches could be up to £17m or 4% of global turnover, whichever is the higher of the two.