Government announces new data protection laws

A new Data Protection Bill announced by the Government will bring the EU's General Data Protection Regulation (GDPR) into UK law and update the existing Data Protection Act which has not changed since 1998.

Research has shown that more than 80% of people feel they do not have complete control over their data online. The new bill will give individuals more control over their data, including the right to ask for it to be deleted.

Default opt-out or pre-selected tick boxes giving consent for organisations to collect personal data, will soon cease to exist and the bill will make it simpler for people to withdraw consent for the use of their data, as well as free for individuals to require an organisation to disclose any personal data it holds on them.

Additionally, the definition of 'personal data' will be expanded to include IP addresses, internet cookies and DNA.

Some business groups have warned that the new measures are likely to put additional pressure on UK small firms. Many experts have cautioned that businesses are totally unprepared for the new rules coming into force. The data watchdog will be given new powers to enforce rules and fines may be levied against companies that breach the rules of the Data Protection Act.

The Government says businesses will be supported to ensure they manage and secure data properly. However, the Information Commissioner's Office (ICO) will also be given more power to defend consumer interests and issue higher fines.

The Forum of Private Business (FPB) is calling on the Government to form a working group to consider the impact of the proposed legislation will have on small businesses, before it becomes law.

Ian Cass, FPB Chief Executive, said: "It appears that no-one in power has thought about the small and micro-businesses that make up 98% of the UK's 5.2 million businesses… There is the potential for this legislation to impact the way many of these businesses operate and market themselves, and even force them to close down."

Dr Adam Marshall, Director General of the British Chambers of Commerce (BCC), agreed, stating: "While consumers need assurance from business that any personal data held will not be misused, businesses too need a helping hand from Government as these changes come into effect, particularly those at the smaller end of the scale. This is a complex set of changes, so firms must be helped to get them right - and no small or medium-sized business working hard to adapt to the new regime should be hauled over the coals for unintentional mistakes in the early days."

Mike Cherry, National Chairman at the Federation of Small Businesses (FSB), added: "For almost all smaller firms, the scope of the changes have not even registered on their radar. They simply aren't aware of what they will need to do, which creates a real risk of companies inadvertently facing fines.

“As rules come into force in May 2018, we need to see a commitment from the Government and the ICO to provide support and guidance for the 5.5 million-strong small businesses community in good time."

Last updated: 10th August 2017