UK Data Protection Bill introduced in the UK Parliament
September 17, 2017 |
The Data Protection Bill was last week introduced into the United Kingdom parliament. Notwithstanding Brexit the primary purpose of the bill is to complement the EU’s general data protection regulation and practice (GDPR).
Some of the features include:
- new powers that allow data protection authorities to conduct mandatory data protection audits of businesses with the UK’s Information Commissioner’s Office to exercise those powers .
- The ICO would be able to enter business premises, access documents, equipment and other material, observe personal data processing and interview staff.
- stiffer penalties which can impose fines of up to 4% of the annual global turnover of companies, or €20 million, whichever is highest, for certain breaches .
- UK government ministers would have the power to introduce new regulations to stipulate “how an undertaking’s turnover is to be determined” for the purposes of determining what level of penalty they should face for non-compliance.
- data subjects in the UK will have further scope to claim compensation from businesses that breach the new laws
- new data protection offences including knowingly or recklessly obtaining or disclosing personal data without the consent of the data controller, procuring such disclosure, or retaining the data obtained without consent as well as the act of selling, or offering to sell, personal data knowingly or recklessly obtained or disclosed. Another offence will be taking steps, knowingly or recklessly, to re-identify information that has been “de-identified” although there is a public interest defence.
[…] UK Data Protection Bill introduced in the UK Parliament […]