How can we help?


Data protection laws give individuals more control over personal data

Details of the Data Protection Bill were revealed yesterday. The Government announced that the new laws will provide people with more control over how their personal information is used and ensure that people can withdraw consent to use their data just as easily as they can grant it.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

Key changes announced include:

  • wider definition of ‘personal data’ to now include DNA profiles, IP addresses, browsing histories and internet cookies
  • no longer being able to rely on pre-ticked boxes but require explicit consent to obtain and use personal data
  • making withdrawal of consent hassle-free
  • a right to be forgotten allowing people to ask companies to erase all personal information held by those companies
  • it will be easier and cost-free for individuals to require companies to disclose all the personal information those companies hold on them
  • right to data portability will allow individuals to move data securely between services providers.

The scope and applicability of the proposed data protection laws, like the GDPR, is worldwide. The Information Commissioner’s Office will have powers to levy fines of up to £17m, or 4 per cent of a breaching company’s global turnover. In comparison, the current maximum fine for breaching data protection laws in the UK is £500,000, which can only demonstrate how seriously the Government wants companies to take the protection of individuals’ personal data. This could mean fines up to billions of pounds for companies like Facebook or Google.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

In addition to these, new criminal offences could result in unlimited fines for tampering with personal data that has been requested by an individual or re-identifying individuals by piecing many bits of anonymised data together (e.g. IP addresses and internet cookies).

Are UK businesses ready?

Many critics fear that businesses are wholly unprepared for the new laws. Whilst it is difficult to speculate how the changes will impact upon businesses once the rules are in full force and effect, businesses can only be advised to start getting their house in order sooner rather than later. This will involve reviewing current practices, any forms completed by individuals to obtain personal information, contracts with suppliers who have access to personal information you collect and training employees.

About this article

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

  • 10 July 2024
  • Employment

Redundancy : Back to Basics FAQs

Redundancy can be a scary and overwhelming time both for employees being made redundant, and for those that have to make the decision. It is important for both parties to know their rights and obligations in this time.

  • 09 July 2024
  • Public Procurement

Buyer Beware: Practical Guidance for Breach of Warranty in an SPA

Are you buying a business? Whether you are buying shares in a company or purchasing its assets… the general Latin common law principle “caveat emptor” applies.

  • 08 July 2024
  • Corporate and M&A

Navigating corporate transparency: ECCTA reforms series

This is the second article in a series exploring the changes brought by the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

  • 08 July 2024
  • Immigration

Right to Work Check Guidance – Key Changes for Employers

This updated guidance introduces several significant changes aimed at streamlining the right to work verification process for employers.

  • 02 July 2024
  • Privacy and Data Protection

Data protection unlocked for HR: Introduction to data protection

Lucy Densham Brown and Sana Nahas from the data protection team will discuss data protection issues encountered by HR professionals in the first episode of the ‘Data Protection Unlocked for HR’ podcast series.

  • 27 June 2024
  • Employment

TUPE Podcast Series: What Transfers

In this sixth podcast in our TUPE Podcast Series, Amanda Glover will delve into the automatic transfer principle and what transfers to the incoming employer under TUPE.