Data Protection Reforms set to introduce a ‘right to be forgotten’ and fines of up to £17 million

The Government has issued a press release giving further details about the new Data Protection Bill.

The new Data Protection Bill will have the effect of incorporating the GDPR into UK law. This will help to reassure businesses that an equivalent data protection regime to the one operating in the EU will apply post-Brexit, enabling trade and data flows between the UK and EU states to continue.

However, the Data Protection Bill is set to introduce several new measures and protections that must be complied with:

• Implement a new “right to be forgotten” with the right to request deletion of personal data;
• A new right to request that social media sites remove postings that were originally made when a person was under 18 (this is a UK-specific measure which goes beyond the GDPR);
• Make it easier for people to withdraw their consent to processing of their personal data;
• End reliance on pre-ticked boxes giving consent on electronic forms – in future individuals will need to actively opt-in for consent to be effective;
• Expand the outdated definition of ‘personal data’ so that it will include such things as biometric data, genetic data, IP addresses, and internet cookies;
• Make it easier for persons to request copies of their personal data, and the end of automatic charges for responding to those requests;
• More robust protections of anonymised data, where a person can still be identified when combining it with another source of information.

A key issue for businesses and organisations is that the financial penalties for serious breaches are set to increase above the current level of £500,000. Under the new rules, the maximum fine will be up to £17 million, or 4% of global turnover, whichever is the higher of the two.

Given the substantial increase in the financial penalties it is crucial that businesses start their preparations now. A recent survey in May 2017 published by YouGov revealed that 71% of businesses were unaware the level of fines was set to increase. The same survey also revealed that only 29% of businesses had started work to prepare for the GDPR.

It is only a matter of months before the May 2018 deadline. If you would like to discuss your preparations for the impending data protection reforms, please contact one of our specialist Data Protection solicitors, Joanne Henderson or Carla Murray, on 0161 941 4000 or via email lawyers@myerson.co.uk.