Search

How can we help?

Icon

Data protection laws give individuals more control over personal data

Details of the Data Protection Bill were revealed yesterday. The Government announced that the new laws will provide people with more control over how their personal information is used and ensure that people can withdraw consent to use their data just as easily as they can grant it.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

Key changes announced include:

  • wider definition of ‘personal data’ to now include DNA profiles, IP addresses, browsing histories and internet cookies
  • no longer being able to rely on pre-ticked boxes but require explicit consent to obtain and use personal data
  • making withdrawal of consent hassle-free
  • a right to be forgotten allowing people to ask companies to erase all personal information held by those companies
  • it will be easier and cost-free for individuals to require companies to disclose all the personal information those companies hold on them
  • right to data portability will allow individuals to move data securely between services providers.

The scope and applicability of the proposed data protection laws, like the GDPR, is worldwide. The Information Commissioner’s Office will have powers to levy fines of up to £17m, or 4 per cent of a breaching company’s global turnover. In comparison, the current maximum fine for breaching data protection laws in the UK is £500,000, which can only demonstrate how seriously the Government wants companies to take the protection of individuals’ personal data. This could mean fines up to billions of pounds for companies like Facebook or Google.

The proposed changes are intended to help bring the UK in line with the EU’s General Data Protection Regulation (GDPR) post Brexit but to also push the UK into the forefront of data protection and online regulation.

In addition to these, new criminal offences could result in unlimited fines for tampering with personal data that has been requested by an individual or re-identifying individuals by piecing many bits of anonymised data together (e.g. IP addresses and internet cookies).

Are UK businesses ready?

Many critics fear that businesses are wholly unprepared for the new laws. Whilst it is difficult to speculate how the changes will impact upon businesses once the rules are in full force and effect, businesses can only be advised to start getting their house in order sooner rather than later. This will involve reviewing current practices, any forms completed by individuals to obtain personal information, contracts with suppliers who have access to personal information you collect and training employees.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

Pub
  • 19 May 2025
  • Corporate and M&A

Thinking of exiting your business? Part 2

In the second instalment of our three-part series, join Stuart Mullins from Clarkslegal and Nicky Goringe Larkin from Succession Planning as they discuss the complexities surrounding business financing, accounting practices, and valuation strategies, along with key insights into private equity.

Pub
  • 16 May 2025
  • Employment

London Seminar – Understanding the Employment Rights Bill: Legal changes and what they mean for HR

We are pleased to invite you to an in-person seminar at our London office on Tuesday 24th June, hosted by our Employment Law team. Join Monica Atwal, Managing Partner; Katie Glendinning, Partner; and Amanda Glover, Associate, as they unpack the legal implications of the new Employment Rights Bill and what it means for your organisation.

Pub
  • 16 May 2025
  • Employment

Reading Seminar – Understanding the Employment Rights Bill: Legal changes and what they mean for HR

We are pleased to invite you to an in-person seminar at our Reading office Tuesday 17th June hosted by our Employment Law team. Join Monica Atwal, Managing Partner, Katie Glendinning, Partner and Amanda Glover, Associate, will unpack the legal implications of the new Employment Rights Bill and what it means for your organisation.

art
  • 15 May 2025
  • Immigration

The 2025 Immigration White Paper: A Turning Point in UK Immigration Policy

On 12 May 2025, the UK Government unveiled its White Paper titled “Restoring Control Over the Immigration System”, outlining the most substantial proposed changes to immigration law since the post-Brexit overhaul.

Pub
  • 15 May 2025
  • Employment

TUPE Podcast Series – Information and Consultation Obligations

In this ninth episode of our TUPE Podcast Series, Katie Glendinning, a Partner in the employment team, will examine the information and consultation obligations under TUPE.

art
  • 15 May 2025
  • Privacy and Data Protection

Ashley v HMRC – The High Court clarifies the scope of Data Subject Access Requests

DSARs are very rarely the subject of litigation, and they are even rarer in the High Court, so the case of Ashley v HMRC is a valuable decision for both data subjects and data controllers.