New UK Data Protection Bill introduced into the House of Lords


The UK Government has yesterday introduced the new UK Data Protection Bill to the House of Lords which, if passed, will overhaul the current UK data protection regime.

In most respects the bill, which will come into force next May, will transfer the European Union’s General Data Protection Regulation into UK law. The legislation will also be maintained after Brexit.

Whilst the proposals impose much heavier fines on those who do not protect personal data, the government said it had negotiated “vital” exemptions to create a more “proportionate” regime for Britain.

The government had already unveiled other key provisions of the Data Protection Bill in August, including:

  • Making it simpler for people to withdraw consent for their personal data to be used
  • Letting people ask for data to be deleted
  • And making re-identifying people from anonymised or pseudonymised data a criminal offence

In addition, UK firms that suffer a serious data breach could be fined up to £17m or 4% of global turnover.

The current maximum fine firms can suffer for breaking data protection laws is £500,000.

To read the proposed UK Data Protection Bill in full, please click here.