The Data Protection Act 2018 achieved Royal Assent on 23
May 2018. The Act implements provisions relating to GDPR among other things. The Government has published an overview of the Act, information on general processing of personal data.
The Information Commissioner’s Office (ICO) has been granted new powers to act swiftly when people’s data has been breached and allow her to hold rogue companies to account. This includes being able to:
- Issue fines of up to £17 million or 4 per cent of global turnover for the most serious data breaches
- Demand access to an organisation’s premises to carry out ‘no notice’ inspections without a warrant
- Request a court order to force someone to share information, with the prospect of criminal convictions when this is not followed.
The Government will shortly publish a consultation on exemptions to paying ICO fees to ensure the regulations remain appropriate in the new regime.