Organizations in the United Kingdom are now on the hook to act in accordance with the EU’s General Data Protection Regulation (GDPR), given that the government just shared its intent to write the regulation into law in the new Data Protection Bill.
According to infosecurity-magazine.com, the UK’s privacy laws for the digital age will be improved with the proposed bill. Clients will be entitled to new rights “while mandating strict requirements on businesses which handle their data,” according to the publication.
Businesses will reportedly have to ask clients to opt in before taking and using their personal data. Companies will also have to make the ICO aware of a serious data breach within 72 hours. If they do not follow these requirements, businesses could be forced to pay up to 4 percent of global annual turnover or £17 million, whichever amount is higher.
The legislation also includes new rights for clients, including that they will have the right to data portability and the right to be forgotten.
“Our measures are designed to support businesses in their use of data and give consumers the confidence that their data is protected and those who misuse it will be held to account,” Digital Minister Matt Hancock said in a statement.
But questions remain about whether data will be able to move, unscathed, from the UK to the EU, given the mass surveillance powers UK authorities hold under the Investigatory Powers Act. Some reportedly say that those in the EU cannot feel at ease with their data stored in the UK, as it could be looked at by police or other security personnel, according to the publication.
Regardless, those in the enterprise will still have to adhere to the new legislation when the GDPR is enforced on May 25 of next year.
RSA Security’s field CTO EMEA, Rashmi Knowles, told infosecurity-magazine.com that the new legislation blurs the lines when it comes to personal data and that there’s a lot of work to be done for compliance.
“The biggest challenge is going to be process; particularly around issues such as data availability and consent,” she told the publication.
Stay with us for updates on this and what it could mean for your business.