Changes to UK data laws: All you need to know
07 August 2017
The UK is changing the way organisations can handle personal data as part of an overhaul of UK data laws. According to the UK government, these changes are necessary to keep up with modern digital environments and processes, and to better protect the increasing volumes of personal data being created and stored by organisations globally.
Data is a valuable resource, and cybercriminals frequently extract it from poorly protected organisations. The legislative overhaul aims to align the UK with international data protection frameworks such as the European General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive. This is important not only for the protection of citizen data, but also to ensure that data travelling between the UK and key markets such as the EU and US remains protected and compliant with local and international data directives.
UK data law reform highlights
This reform to the UK’s data protection frameworks will concentrate on providing individual citizens with control of their own personal data.
Some key aspects of the reform have been summarised below:
- Explicit consent for opt-in: Organisations must receive explicit consent from an individual before opting them in. This includes defaulting to opt-out and tightening the use of pre-selected opt-in tick boxes.
- Improved access to data: Users can ask organisations to disclose held information with no charge.
- Personal data redefined: The definition of personal data has been expanded to include IP addresses, internet cookies and even DNA.
- Right to be forgotten: In line with this staple of the GDPR, individuals can now ask for their personal data to be erased, including on social media platforms.
It’s worth noting that the new legislation isn’t designed to restrict organisations. A number of the proposed changes are structured to help organisations protect personal data and therefore avoid the financial and brand-damaging repercussions that accompany a data breach.
What happens if the new data reform rules are breached by an organisation?
The Information Commissioner’s Office (ICO) will continue to impose sanctions following a data breach, but will have greater power following the rollout of the law changes:
- Big fines: Fines can increase to as high as £17m, or 4% of global turnover (compared to a max. of £0.5m currently).
- Criminal charges: Offenders can now be prosecuted, and current offences will be modernised in order to ensure effectiveness.
Department for Digital, Culture, Media and Sport: A new data protection bill: our planned reforms – The full statement of intent issued by the UK government on 07/08/17.
Information Commissioner’s Office: Homepage – This site covers the ICO itself and holds a lot of information about current legislation and laws surrounding fair usage of data.
The GDPR survival guide: Data D-Day: Your guide to surviving the EU General Data Protection Regulation – this free whitepaper details the upcoming GDPR data laws and explores how organisations can prepare for “data D-day” on March 25th