UK’s New Data Protection Bill: A Right Step in the Right Direction

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)

Much Anticipated Data Protection Bill of UK government will empower the citizens in every way imaginable

The UK government has recently released a statement of intent outlining the proposals of its upcoming Data Protection Bill. The proposals, drafted by Digital Minister Matt Hancock, is set to overhaul and revolutionize the data protection laws in the UK.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,” said the Digital Minister in an official statement.

UK Data Protection Bill

What’s in it for the citizens?

Power, power and more power!!

With proposals such as “right to innocence” and “right to be forgotten,” the bill will empower citizens with greater control over their personal information. The “right to be forgotten” will give users the authority to erase all their data from social media sites before they were 18 (those old, cringey Facebook statuses will finally be off the internet!!).

Till now, the laws didn’t cover modern types of data such as IP addresses, cookies, and DNA. How would they? After all, the current laws were set in motion all way back in 1998 (back when ‘patience’ was the internet’s middle name!). The new laws will categorize all such information as ‘personal data’ and bring it under the radar of relevant rules and regulations.

Ever been sick of those cold-calls or spam emails? Of course, you’ve been. Well, that’s going to stop if you reside in the UK (lucky you!). Under the new propositions, websites cannot add you to those email lists without your consent.

There is also a provision for ‘data portability’ in the statement of intent. It means that users will be able to move data between service providers. This presents customers with a greater choice.

What about for the organizations?

Strict rules, more strict rules, and even more strict rules!!!

If an organization in the UK suffers a serious data breach, it could be fined up to £17m or 4% of global turnover – 3300% more than the current penalty. However, such financial penalties will be used as a “last resort” and won’t be imposed if the organizations can prove that they took all the adequate measures.

The recent cyber-attacks in the UK left a lot to be desired from a cybersecurity point of view and the new Data Protection Bill is a timely and positive response to those attacks. Under the bill, the organizations in the UK will have to adhere to the rules and will have to report the actions they take to a regulator. If a data breach takes place and the confidential information of individuals is at stake, the organizations must inform ICO within 72 hours.

“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increased risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards,” said Mr. Hancock.

The bill is still in the pipeline and will be published next month. Examining all the proposals made, it’s safe to say that the UK is finally ready to enter the 21st century with the data protection laws and other countries should follow her footsteps.