A new data protection bill, giving individuals increased powers over information stored on them, will rubber-stamp tough new regulations being introduced by the EU.
The new bill will effectively copy the EU’s General Data Protection Regulation (GDPR) and organisations that fail to comply will face huge fines.
It is being drawn up by the UK Department for Culture, Media and Sport and will be presented to parliament when MPs return in early September.
The Bill’s primary aim is to ensure that the UK retains the same data protection laws as the rest of the EU once it leaves the EU, which is likely to be in March 2019.
No details of the proposed Bill have been publicly disclosed to date, so it remains to be seen whether the Bill will add substance to the areas that the GDPR allows to be decided by national law, and whether it will include further clarity on how sanctions will be applied by the UK Information Commissioner’s Office.
This would follow Germany’s lead, after the German Federal Parliament in April of this year passed its own legislation that adapted current data protection laws to cover derogations from the GDPR’s provisions.
Companies will need to inform individuals what information they hold on them and how they intend to use it. They will also need their consent to use it.
Businesses have been warned they are waking up to the changeover too slowly and may find themselves facing huge penalties if found guilty of non-compliance.
Tom Thackray, CBI innovation director, said: “In the modern economy, data has huge value and its innovative use leads to better services and more productive businesses.
“But firms know that this ability to innovate is dependent on customers having confidence that their information is well protected.
“This legislation strikes the right balance in improving standards of protection while still enabling businesses to explore new products and services.”