UK Government Announces New Data Bill

posted in Cyber-Security ● 24 Nov 2014

In line with the upcoming General Data Protection Regulation (GDPR), Digital Minister Matt Hancock has announced plans for a new Data Bill intended to strengthen current data protection laws in the UK. The GDPR has been making headlines across the globe for the last 18 months, and with less than 8 months until the deadline for compliance the UK government has begun the process of making the regulation UK law.

Amid the noise of the Brexit negotiations, some chose to believe that the GDPR might not affect UK-based organisations so much; several months ago it was reported that more than 40% of companies were not aware of, or prepared for, the GDPR coming into force. However, with the regulation set to affect every organisation that trades with or holds data on European citizens, Brexit or not, non-compliance is not an option.

Who, what and where?

The statement of intent published by the Department for Digital, Culture, Media & Sport on August 7th lays out an overview of the planned reforms to data protection in the new Data Protection Bill. Among many changes, one that has been heavily publicised is the increase in the fine that can be imposed for not complying with data laws. Previously, under the Data Protection Act (DPA), an organisation could be fined up to £500,000 for a serious breach; this figure is now £17m or 4% of global revenue.

With the regulation set to come into force across Europe early next year, each state will be charged with enforcing the new laws; the Information Commissioner's Office will be responsible for this in the UK. Key changes under the new Data Protection Bill include:

  • A renewed focus on protecting personal data and the rights an individual has with regards to their personal data.
  • Making it simpler to withdraw consent to the use of personal data.
  • Updated definitions of key terms as previously defined in the Data Protection Act 1998, including what classifies as personal data.
  • Further onus on data processors to protect individuals' rights.
  • New guidelines on reporting a data breach and the timeframe to do so without incurring a monetary penalty.

While some of the changes may seem drastic, it is important to realise that the DPA is almost 20 years old and to consider the technological advances that have taken place in that time.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world.” – Matt Hancock

What do you need to do?

To comply with the GDPR it is important to understand which parts are likely to affect you or your organisation; for example, some but not all organisations will have to consider appointing a Data Protection Officer to help with compliance.

One area that all organisations will have to address is updating their processes around consent to the use of personal data. Organisations must be given clear and 'unambiguous' consent and must ensure that the purpose of data collection is clear and available. Processes must also be put in place to track consent and to allow the data subject to withdraw it easily.

Organisations must also carry out due diligence to ensure that the managed service providers and contractors they work with are not putting the organisation at risk of a data breach. The regulation states that 'technical and organisational measures' must have been taken.

Do I need to hire a DPO?

A DPO's primary focus will be to inform and advise an organisation and its employees about their obligation to comply with the GDPR and other data protection laws. This includes monitoring compliance with the GDPR and other data protection laws, training staff and conducting internal audits. The DPO must report to the highest level of management and cannot hold the role alongside another role that could create a conflict of interest.

Under the regulation, organisations must appoint a DPO if they are a public authority, carry out large-scale monitoring of individuals, or process special categories of data on a large scale.

Redstor will be partnering with GDPR365 to ensure all organisations are prepared for the new Data Protection Bill and the GDPR. GDPR365 gives organisations a platform to review and organise their processes to ensure they are GDPR compliant, and provides a framework for the new documentation needed under the regulation.
