The UK Government is due to publish a “statement of intent” on Monday which covers its plans to introduce a new law for data protection, called the Data Protection Bill. Under the new law, the Information Commissioner’s Office (ICO) will be able to fine organisations up to £17 million or four percent of their global turnover; whichever is higher. This is up from the previous fine of £500,000.
The stated aims of the new bill include:
- making it simpler for users to withdraw consent for the use of personal data
- allowing people to ask for their personal data held by companies to be erased
- enabling parents and guardians to give consent for their child’s data to be used
- explicit consent should be necessary for processing sensitive personal data
- the broadened definition of personal data to include IP addresses, internet cookies, and DNA
- bringing data protection laws up to date
- streamlined acquisition of data processes for individuals in terms of the data that an organisation holds on them
- easing moving between service providers for customers
The Government will introduce the bill in September when the House of Commons reopens after its summer break; the Government will then have to pass the law before May 25th, 2018, which is when the EU’s General Data Protection Regulation (GDPR) must be implemented. The Data Protection Bill is legislation for several modifications to the GDPR within the UK.
Organisations will have to change their system to meet the law's specification within the next 10 months or face the consequences.
Source: ZDNet | Image via The Next Women