The new Data Protection Bill, which plans to overhaul the UK's data protection regulations, has been welcomed by managed services provider (MSP) EACS.
As organisations prepare for the General Data Protection Regulation (GDPR), they need to be aware that the new Bill will likely go further than the EU regulations, as they currently stand, particularly in terms of the introduction of new criminal offences and the unlimited fines they may incur.
Keeping in line with the European Union's (EU) GDPR, the new bill aims to increase trust and confidence in the economy and offers enhanced benefits in terms of data protection. However, there are some potential changes that will bring other financial repercussions for companies that fail to demonstrate compliance.
For example, the bill states that the Government will "create a new offence of altering records with intent to prevent disclosure following a subject access request". The scope of the offence would apply not only to public authorities but to all data controllers and processors. The maximum penalty would be an unlimited fine in England and Wales or a Level 5 fine in Scotland and Northern Ireland.
For Paul Wilford, Cyber Security Architect at EACS, although this suggests that there may be greater financial repercussions, there will be long-term benefits to the UK's digital economy.
He comments: "This is a welcome piece of legislation and one that will make the UK a much more attractive place to do business with. However, organisations need to be savvy to certain elements that differ from GDPR. By way of example, an organisation could potentially be fined for a breach, or they could be fined for lack of compliance even if it hasn't actually been breached. But there are also some new additions as well, such as a new offence for 'intentionally or recklessly re-identifying individuals from anonymised or pseudonymised data'. Offenders who knowingly handle such data will also be guilty of an offence and the maximum penalty will be an unlimited fine. Elements like this are beyond the original message of GDPR and suggest that the UK is actually bolstering the legislation.
"The UK government has put out a very bold statement in that its vision is 'to make the UK the safest place to live and do business online'. In order for this goal to come to fruition, organisations must view these new laws as an opportunity to get ahead of the game, as opposed to a burden that will hold back their business. Essentially, every organisation is in the same boat and must demonstrate compliance. But forward-thinking companies can actually embrace this as a USP by using this grace period to get their houses in order and to reassure both customers and partners that they are ahead of the game and that they are taking data protection seriously.
"There will no doubt be growing pains on the road to compliance but it will be good for the UK's digital economy in the long term. As the digital economy continues to grow, having clear safeguards in place will help the UK deliver on its promise to make the UK the safest place to live and do business online," concludes Wilford.