Search

How can we help?

Icon

Data protection laws give individuals more control over personal data

Details of the Data Protection Bill were revealed yesterday. The Government announced that the new laws will provide people with more control over how their personal information is used and ensure that people can withdraw consent to use their data just as easily as they can grant it.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

Key changes announced include:

  • wider definition of ‘personal data’ to now include DNA profiles, IP addresses, browsing histories and internet cookies
  • no longer being able to rely on pre-ticked boxes but require explicit consent to obtain and use personal data
  • making withdrawal of consent hassle-free
  • a right to be forgotten allowing people to ask companies to erase all personal information held by those companies
  • it will be easier and cost-free for individuals to require companies to disclose all the personal information those companies hold on them
  • right to data portability will allow individuals to move data securely between services providers.

The scope and applicability of the proposed data protection laws, like the GDPR, is worldwide. The Information Commissioner’s Office will have powers to levy fines of up to £17m, or 4 per cent of a breaching company’s global turnover. In comparison, the current maximum fine for breaching data protection laws in the UK is £500,000, which can only demonstrate how seriously the Government wants companies to take the protection of individuals’ personal data. This could mean fines up to billions of pounds for companies like Facebook or Google.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

In addition to these, new criminal offences could result in unlimited fines for tampering with personal data that has been requested by an individual or re-identifying individuals by piecing many bits of anonymised data together (e.g. IP addresses and internet cookies).

Are UK businesses ready?

Many critics fear that businesses are wholly unprepared for the new laws. Whilst it is difficult to speculate how the changes will impact upon businesses once the rules are in full force and effect, businesses can only be advised to start getting their house in order sooner rather than later. This will involve reviewing current practices, any forms completed by individuals to obtain personal information, contracts with suppliers who have access to personal information you collect and training employees.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

Pub
  • 07 February 2025
  • Corporate and M&A

Talk & Golf : Thinking of Exiting your Business?

Join Stuart Mullins, Partner at Clarkslegal, and Nicky Goringe Larkin, Managing Director at Succession Planning, for a morning breakfast talk on preparing your business for exit, followed by a round of golf at the Eyston Course at Caversham Golf Club.

art
  • 06 February 2025
  • Privacy and Data Protection

Cookies and Consent: the ICO’s Cookie Review

In the digital age, cookies play a crucial role in how websites operate and interact with users.

art
  • 05 February 2025
  • Corporate and M&A

Growing Pains for Businesses

This thought piece considers some of the key issues and pain points facing a business planning to scale up

art
  • 03 February 2025
  • Employment

Indirect discrimination: How mandated office returns could discriminate against working mothers

In this article though, we will focus on one of the biggest potential hurdles, and the one that is garnering the most media attention and the most criticism. Is a return to work policy discriminatory on grounds of sex?

art
  • 24 January 2025
  • Privacy and Data Protection

UK Data Protection: A look back at 2024 and what to expect in 2025

On 15 January 2025, Louise Keenan and Shauna Jones hosted our webinar “UK Data Protection: what happened in 2024 and what’s in store for 2025.” Our webinar is available for you to watch, but in this article, we will provide a brief summary of what was discussed.

art
  • 22 January 2025
  • Corporate and M&A

Deal Announcement: Clarkslegal’s Corporate team advise founder on exit from Bristol based hospitality business

Clarkslegal is pleased to have advised the exiting shareholder and director of a hospitality business in the South West on the sale of their shareholding and termination of their employment.