Government plans to beef up data watchdog’s powers

8 Aug 17

Public and private companies could be fined up to £17m if they breach strengthened data protection laws, under government plans. 

The Data Protection Bill, outlined by the Department for Digital, Culture Media and Sport yesterday, is intended to give the individual greater control over their data.

It includes the so-called right to be forgotten, which will mean social media channels can be forced to delete information people posted in their childhood.

Data protection regulator the Information Commissioner’s Office will be given more power to defend consumer interests and issue higher fines, of up to £17m or 4% of global turnover, in cases of the most serious data breaches. It can currently issue maximum fines of £0.5m.  

The bill –  announced in the Queen’s Speech in June -  will also bring the EU’s General Data Protection Regulation into British law ahead of Brexit.

But it “includes tougher rules on consent, rights to access, rights to move and rights to delete data”, Matt Hancock, the minister of state for digital, said in the forward of the government's statement of intent. 

“[The bill] will ensure that we can remain assured that our data is safe as we move into a future digital world based on a system with more accountability, but less bureaucracy,” he added.

New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.

Hancock also said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account."

The government said it intended to update the UK’s current data protection legislation, which has not been changed since 1998.

Yesterday’s announcement follows the WannaCry ransomeware attack in May, which crippled NHS services as well as affecting 150 countries across the globe.

The president of Microsoft warned that the attack should act as a “wake-up call” to government and businesses about the importance of cyber security.

DCMS said research had shown more than 80% of people do not feel they have complete control of their data online.

Navigation