UK businesses may be subject to higher fines if they fail to comply with new data protection measures proposed by the government.
According to a statement of intent issued by the government, the Information Commissioner’s Office (ICO) will potentially be able to set a maximum fine of £17m or 4% of global turnover in cases of the most serious data breaches.
Digital Minister Matt Hancock’s proposals for a new Data Protection Bill will also seek to give people more control over their personal data – including the right to be forgotten – and gain greater protection. As part of the plans, social media companies will be required to delete information on children and adults if and when asked to do so.
Hancock said the measures were designed to support businesses in their use of data as well as to give consumers the confidence that their data was being protected.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world.
“The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.
“We have some of the best data science in the world and this new law will help it to thrive,” the minister added.
The Data Protection Bill will:
- Make it simpler to withdraw consent for the use of personal data
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Require ‘explicit’ consent to be necessary for processing sensitive personal data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Make it easier for customers to move data between service providers
Elizabeth Denham, information commissioner, added: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.