On the 7th of August, the Government outlined its objective for the new Data Protection Bill, it is due to be published next month and will merge the EU’s General Data Protection Regulation (GDPR) into legislation in the UK.
This legislation will now grant individuals the right to be forgotten and ask for any personal data held by others to be erased.
Organisations will have support through this process to make sure they are complying and managing data in line with regulations.
Should an organisation fail to meet requirements, the Information Commissioner will now have additional powers to defend consumer rights, meaning they can now issue fines of up to 17m or 4% of global turnover (whatever figure is higher) in the event that Data Protection Regulations are breached.
Minister of the Department for Digital, Culture, Media and Sport, Matt Hancock stated:
“Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
“The Data Protection Bill will allow the UK to continue to set the gold standard on data protection. We already have the largest internet economy in the G20. This Bill will help maintain that position by giving consumers confidence that Britain’s data rules are fit for the digital age in which we live.”
The Department for Digital, Culture, Media and Sport said further that the Bill would:
– Make it simpler to withdraw consent for the use of personal data;
– Allow people to ask for their personal data held by companies to be erased;
– Enable parents and guardians to give consent for their child’s data to be used;
– Require ‘explicit’ consent to be necessary for processing sensitive personal data;
– Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA;
– Strengthen the law to reflect the changing nature and scope of the digital economy;
– Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them;
– Make it easier for customers to move data between service providers.
The Government have said it will be a criminal offence if an individual “intentionally or recklessly re-identifies an individual from anonymised or pseudonymised data.”
In addition, those in association with this who handle or process the data knowingly, will also be committing a criminal offence.
A further offence will be conceived should an individual alter records with the intent of stopping them being identified when someone exercises their right to the data.
How can employers prepare for the reforms?
– Start to consider how to efficiently recruit and train a Data Protection Officer;
– Have in place a clear data policy that defines procedures, in particular data breaches;
– Review employment contracts that regard consent;
– Have in place clear privacy notices that are straightforward so that it is easily translated to your employees;
– Ensure there is a legitimate basis for the retention of data stored and for the transfer of any data. E.G. in relation to HR.
How can we help?
At Employment Law Services (ELS), we will work together with our clients to ensure they are fully protected and prepared for the new regulation to take effect in May 2018. If you have any specific queries about the impact this may have on your business or wish to contact us for a free consultation call us today on – 0800 612 4772.