Data Protection Bill: How the UK’s data laws will now be fit for the digital age
They’ve always said that information is power, and in the digital age, data increasingly powers the world.
It drives price comparison sites and improves the flow of transport around cities. Using data properly adds billions of pounds to the economy, and helps improve and save lives.
We are yet in the foothills of the digital revolution, on the cusp of amazing breakthroughs in artificial intelligence, with machines learning how to think and do more and more tasks once reserved for us humans.
But it’s been a generation since we last updated our data protection laws, to free up the nation’s businesses and entrepreneurs to innovate – while protecting against cyber attack and making Britain the safest place in the world to be online.
So today we are publishing the Data Protection Bill to provide a comprehensive new legal framework for data protection in the UK, combining rules that encourage innovation while protecting privacy.
Not only are we empowering people to take control with new rights to access, move and delete their personal data, we are also strengthening Britain’s data rules to make that data safe. We want Britain to be secure on the cutting edge of the amazing new technologies and practices of the digital revolution.
Any organisation’s data protection framework that’s compliant with the existing rules should be in a good position to take the step up to being compliant with the new laws. The new laws add one principle to the eight data protection principles set out in the 1998 Act: the principle of accountability.
But as the increasing threats of cyber attack have made us all aware, complacency simply isn’t an option. I’m calling on all businesses to make sure their standards will be up to scratch by the deadline of May 2018, and make use of the relevant advice from the Information Commissioner’s Office (ICO).
The Bill will also strengthen some of the exemptions from the rules for certain organisations, to allow processing of personal data that is vital for our economy, democracy and society to go ahead.
Let’s take the example of research. If researchers working on vast data sets to achieve ambitious scientific outcomes had to respond to every request to access that data, it would become overly burdensome. Important archives of historical significance held by museums would also be at risk of being undermined by requests to remove data from them.
So the Bill will provide protections and flexibilities not just in the nation’s world-leading research fields, but also, for example, to protect freedom of expression in journalism and allow legal claims and judicial acts to continue.
We’ll also provide exemptions in health, education and social work to ensure safeguarding, allow continued anti-money laundering operations in the financial services sector and anti-doping operations in sport, as well as bringing benefits for many other sectors of the economy.
While getting prepared for these new rules might be plain sailing for big businesses, we recognise that there is a degree of uncertainty among small and medium-sized companies and public sector organisations. I’d like to offer them a few reassurances.
Organisations processing lots of data or certain types of sensitive data will need to employ a data protection officer, but this will only apply to organisations with over 250 employees.
It’s true that under the new regime, the ICO will be able to issue fines of up to £17m or four per cent of an organisation’s global turnover, but this maximum amount would only be used for the most serious data breaches.
As long as organisations can ensure they are adequately protecting the data they hold, the new framework imposes no unnecessary additional costs. Our priority throughout is to ensure that people’s data is protected and to help organisations adhere to the new laws.
The UK has always been a world leader on data protection. This Bill will ensure that continues into the twenty-first century, so that we humans can survive and thrive in the next chapter of the digital revolution to come.