Westminster is set to publish a ‘statement of intent’ today which will reveal its plan to extend data protection laws in the UK, in a bill called the Data Protection Bill.
The changes to the bill aim to make it easier for users to withdraw consent for any use of their personal data, or request its removal entirely.
In addition to granting users control of an organisation’s access to their data, organisations will need explicit consent from users to process sensitive personal data. The definition of personal data is also being broadened to include IP addresses, internet cookies and DNA.
The changes in this bill means moving service providers will be much simpler.
Under the new Data Protection Bill, the Information Commissioner’s Office, or ICO for short, will be able to fine organisations up to £17 million or four percent of their annual revenue – whichever is higher. The previous fine was just £500,000.
Matt Hancock, Minister of State for Digital said “our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.”
The government will introduce the changes to the bill in September once the House of Commons reopens after its summer break. Westminster will need to pass the law before the 25th of May next year, which is when the EU’s General Data Protection Regulations (GDPR) must be implemented.
Organisations will need to change the way they manage personal data to meet the law’s specification within the next 10 months or face huge fines.
If you’re unsure how your website handles user information, contact JBi.