The new British data protection laws give power back to the people: they will now be able to request that their personal data be deleted whenever they wish. Organisations failing to comply can be fined up to £17 million, or up to 4 per cent of their global turnover.
One of the government’s aims is to improve consumers rights, while introducing new criminal offences. Since it is obliged to incorporate the European Union’s General Data Protection Regulation (GDPR) into UK law, these changes were close to unavoidable.
These are some of the changes introduced by the new Data Protection Bill:
– Personal data includes internet cookies, DNA, and IP addresses
– Users can withdraw consent for the use of personal data
– Individuals can request the deletion of their data
– Parents must give permission for their child’s data to be used
– It will be simpler to have companies erase your data
– Explicit consent is necessary for processing sensitive personal data, pre-selected tick-boxes will no longer be sufficient
The bill will be introduced in September. Since the GDPR comes into full swing on May 25th, 2018, the organisations will have only 10 months to act. Even in the event the UK decides to leave the EU, British law must comply with the requirements introduced by the GDPR.
Undoubtedly, this will make things harder for businesses. For example, a user can request that their personal data deleted, and a company will have only 72 hours to react.