Last updated: 09.08.17

Digital Minister plans to overhaul UK data protection laws

The UK’s Digital Minister Matt Hancock has put forward proposals to overhaul the current UK data protection laws with legislation that allows users to have their information deleted.

As of May 2018, citizens across the UK will be able to obtain more control over their personal data, requesting information that has previously been given may be deleted, in what is being hailed as the ‘most important change in data privacy regulation in 20 years’.

This is under proposals by the government and the Digital Minister Matt Hancock to overhaul the current UK data protection laws. As a result of the legislation, UK businesses and organisations that fail to adhere to the new rules will face larger fines that could even force them into liquidation.

According to the BBC, the Bill will transfer the European Union's (EU) General Data Protection Regulation (GDPR) into UK law. Proposals will make it simpler for people to withdraw consent for their personal data to be used, while also allowing them to ask for information to be deleted.

It will also require firms to obtain “explicit” consent when they process sensitive personal data and they will have to expand personal data to include IP addresses, DNA and small text files known as cookies.

Overall, the Act will allow people to get hold of the sensitive information organisations hold, more easily. If businesses and organisations fail to protect information or suffer a breach, they will face much heavier fines than under current legislation.

In a statement, Mr Hancock said: "The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit."

The right for data to be removed

As it stands under current law, the maximum fine that firms can suffer for data breach is £500,000. However, as of next May, the country’s Information Commissioner will have its powers strengthened to help police the new law.

Next year, businesses and UK firms that suffer a data breach could be fined up to as much as £17 million or four per cent of their global turnover - whichever is the highest.

Elizabeth Denham, the Information Commissioner, told the BBC: "We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy, and the benefits the enhanced protections will bring to the public."

What information can be deleted?

Users will be able to request that businesses remove any information they are unhappy with - including their name, DNA, genetic features or any data that can identify them. In addition to this, you can also request that any company holding your personal data delete it.

Despite these promises, there have been arguments that firms holding the data can refuse the request to delete information on grounds of freedom of expression or matters of scientific or historical importance.

The legislation will go beyond the ‘right to be forgotten’ rules that apply to search engines, preventing what can be listed in search results.

Related resources