Today marks the introduction of Data Protection Act 2018. This Act forces companies to use people’s personal data responsibly or risk facing fines of up to £17 million.
Starting today, new data laws mean that people will be able to get more information about how organisations will use and share their data.
This includes being able to withdraw consent for the use of their personal data more easily, and requiring an organisation to disclose the personal data it holds on them more easily and for free.
People will also be able to:
- move data between service providers such as rival social media platforms;
- benefit from tougher cybersecurity rules, and the right to be told when their data is breached and the breach is sufficiently serious;
- ask for their personal data held by companies to be erased in a wider range of circumstances, including when they turn 18; and
- benefit from a new age-appropriate design code that will help websites understand the needs of children and young people online.
The Information Commissioner, Elizabeth Denham, has been granted powers to act quickly when people’s data has been breached and allowing her to hold rogue companies to account. This includes the ability to issue fines of up to £17 million or 4 per cent of global turnover for the most serious data breaches.
The Data Protection Act 2018 is part of Government’s work to strengthen the UK’s data protection laws and make them fit for the digital age.
The Information Commissioner’s Office (ICO) has provided guidance for organisations that hold and process personal data. Their line for small organisations has received more than 8000 calls since it opened in November 2017, and the Guide to the GDPR has had over one million views. The regulator also has a GDPR checklist, and 12 steps to take now to prepare for GDPR.
Guidance provided by the ICO is available here.