UK Government publishes plans for data protection reforms

The UK Government has published its plans to reform the UK’s data protection laws in a Statement of Intent. For those already preparing for the EU’s new GDPR (you can read our handy guide here).  Some of these proposals will apply to the UK only, however.

The Data Protection Bill will create two new criminal offenses, namely:

  • the intentional or reckless re-identifications of individuals from anonymised or pseudonymised data; and
  • The alteration of records with the intent to prevent disclosure following a subject access request.

Both of these new offenses will carry a potentially unlimited fine.

Further points to note:

  • The Bill will extend the scope of the existing offense of unlawfully obtaining data. Even if the data was lawfully obtained in the first place, data retained against the wishes of the data controller will be considered unlawful.
  • Individuals will have the express right not to be subject to automated decision-making, including profiling, although, in the UK certain ‘legitimate’ processing will be allowed to occur. Whilst the scope of this exception is still unclear, the Statement of Intent mentions that automated credit reference checks are legitimate, for example.
  • Similarly, the Bill will extend permission for the processing of personal data in relation to criminal convictions and offences, to all organisations, within strict rules.

The Bill should be published in full by the end of September, so look out for updates. In the meantime, you can find out more about our expertise in data protection law by clicking here.