On 14 September 2017 the Government published the Data Protection Bill which will effectively implement the EU General Data Protection Regulations, which take effect on 25 May 2018.
The changes are as follows.
- Withdrawal of consent for the use of personal data will be easier
- People will be able to ask for their personal data held by companies to be erased
- Parents and guardians will be able to give consent for their child’s data to be used
- 'Explicit’ consent will be necessary for processing sensitive personal data
- The definition of ‘personal data’ will be expanded to include IP addresses, internet cookies and DNA
- Data protection law updated and strengthened to reflect the changing nature and scope of the digital economy
- Easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Easier for customers to move data between service providers.
Fines for non-compliance will be increased to €20 million or four per cent of a firm's global turnover (whichever is greater).
Cas Carrington, partner, will be covering the new rules in one of the sessions on the Autumn Law on Tour, so book now to secure your place.