The Government has published The Data Protection Bill which is intended to make data protection laws fit for the digital age and empower people to take control of their data.
The Government considers that, as far as possible, existing lawful data processing should be allowed to continue. So the Bill assures specific UK businesses and organisations that the vital data processing they undertake for legal or public interest reasons can continue uninterrupted. It will preserve existing tailored exemptions that have worked well in the Data Protection Act 1998, carrying them over to the new law.
Scientific and historical research organisations such as museums and universities will be exempt from certain obligations which would impair their core functions.
The data protection regulator, the Information Commissioner’s Office (ICO), will be given more power to issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches.
Data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.
The Government has published a Data Protection Bill Overview and a number of factsheets on the Data Protection Bill.