Businesses urged to prepare for Data Protection Bill
Individuals will be able to legally ask businesses to delete certain personal data under new proposals outlined in the Data Protection Bill.
The Bill forms part of the EU’s General Data Protection Regulation (GDPR), which is due to come into effect on 25 May 2018.
The legislation will allow individuals greater control over their personal data, including the right to fully close accounts or data to be erased.
Some of the proposals outlined in the Bill include:
- making it simpler for people to withdraw consent for the use of their personal data
- allowing people to ask for their details to be deleted
- requiring companies to obtain ‘explicit’ consent when they process sensitive personal data
- making it easier for people to require firms to disclose the personal data they hold on them.
Adam Marshall, director general of the British Chambers of Commerce, said: “This is a complex set of changes, so firms must be helped to get them right – and no small or medium-sized business working hard to adapt to the new regime should be hauled over the coals for unintentional mistakes in the early days.”
Businesses need to manage and secure data property or risk significant fines if they fail to protect data or suffer a breach.
Some steps you can take to prepare for GDPR include:
- reviewing and updating your existing data protection policies
- reviewing and updating your policies and privacy notices
- having suitable systems in place to manage potential data breaches.