Search

How can we help?

Icon

Data protection laws give individuals more control over personal data

  • 08 August 2017
  • Privacy and Data Protection

Details of the Data Protection Bill were revealed yesterday. The Government announced that the new laws will provide people with more control over how their personal information is used and ensure that people can withdraw consent to use their data just as easily as they can grant it.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

Key changes announced include:

  • wider definition of ‘personal data’ to now include DNA profiles, IP addresses, browsing histories and internet cookies
  • no longer being able to rely on pre-ticked boxes but require explicit consent to obtain and use personal data
  • making withdrawal of consent hassle-free
  • a right to be forgotten allowing people to ask companies to erase all personal information held by those companies
  • it will be easier and cost-free for individuals to require companies to disclose all the personal information those companies hold on them
  • right to data portability will allow individuals to move data securely between services providers.

The scope and applicability of the proposed data protection laws, like the GDPR, is worldwide. The Information Commissioner’s Office will have powers to levy fines of up to £17m, or 4 per cent of a breaching company’s global turnover. In comparison, the current maximum fine for breaching data protection laws in the UK is £500,000, which can only demonstrate how seriously the Government wants companies to take the protection of individuals’ personal data. This could mean fines up to billions of pounds for companies like Facebook or Google.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

In addition to these, new criminal offences could result in unlimited fines for tampering with personal data that has been requested by an individual or re-identifying individuals by piecing many bits of anonymised data together (e.g. IP addresses and internet cookies).

Are UK businesses ready?

Many critics fear that businesses are wholly unprepared for the new laws. Whilst it is difficult to speculate how the changes will impact upon businesses once the rules are in full force and effect, businesses can only be advised to start getting their house in order sooner rather than later. This will involve reviewing current practices, any forms completed by individuals to obtain personal information, contracts with suppliers who have access to personal information you collect and training employees.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile
Louise Keenan

Associate

View profile

+44 118 960 4614

About this article

  • Subject
    Data protection laws give individuals more control over personal data
  • Author
    Louise Keenan
  • Expertise
    Privacy and Data Protection
  • Published
    08 August 2017

Read, listen and watch our latest insights

art
  • 18 June 2026
  • Corporate and M&A

Business sales and NDAs: Creating a safe space to open up your business

You have accepted an offer to sell your business, but taking an agreement in principle through to completion may involve the need to divulge your company’s private information – perhaps deep secrets which have given your business its competitive edge.  
art
  • 16 June 2026
  • Employment

Shaping the Future of Work: Insights from the 114th ILO International Labour Conference

Having recently returned from the 114th Session of the International Labour Conference in Geneva, I have been reflecting on the work of the International Labour Organisation (ILO) and the important role it plays in global standard setting, as well as promoting social and economic inclusivity.
art
  • 11 June 2026
  • Immigration

MAC report reveals who stays in the UK on the Skilled Worker Route – Key insights for employers

Key insights from the MAC report: Who stays in the UK on the Skilled Worker route? Essential findings and takeaways for employers.
art
  • 08 June 2026
  • Privacy and Data Protection

FAQs – Privacy Documentation

Clearly documenting and regularly reviewing data protection policies and procedures is paramount to demonstrating compliance with the UK GDPR. It is essential that such policies are communicated within an entity and staff are regularly trained on these.

art
  • 03 June 2026
  • Employment

Holiday Pay Record Keeping – What this new duty means for employers

The Employment Rights Act 2025 made certain changes to the rules around holiday records, which came into effect on 6th April 2026.
art
  • 03 June 2026
  • Corporate and M&A

Is your Company’s Register of Members accurate? The hidden risks of getting it wrong

Ensure your company’s Register of Members is accurate and compliant. Learn the legal risks, common mistakes, and how to protect your business from penalties.
See More