General Data Protection Regulation
Business owner / managers need to be aware of changes around data protection next spring, although there will no doubt be plenty of debate in the autumn when the new Data Protection Bill gets its first reading in Parliament in September.
Some points to be considered by business owner / managers:
1. New fines of 4% of turnover (up to ?17 million) for data breaches.
2. Loss devices - including mobile phones, laptops (including employees personal devices) - containing personal information will be considered as a breach and therefore liable to new fines.
3. Age of consent to be set at 13 years old.
4. Inclusion of Internet Protocol (IP) addresses deemed as personal data and therefore included. (The CJEU has explicitly ruled that dynamic IP address are classified as personal data (C-582/14))
It is difficult to come to any conclusions at this stage, but hopefully things will become clearer in the autumn, once the proposed bill has had its first read.
"The Data Protection Bill, announced in the Queen's Speech at the end of June, will replace existing data protection legislation on both corporate data and data processing by law enforcement agencies.
The Department for Digital, Culture, Media and Sport confirmed to The Reg that the aim was to introduce the Bill when the House returns from summer recess in September.
The Bill will also bring the UK's laws into line with the EU's General Data Protection Regulation, which comes into force in May 2018. Although the UK is leaving the EU, it will have to adhere to the GDPR for about a year as a member state, and ? if it wants to continue exchanging data with EU countries ? will have to demonstrate compliance even after Brexit."