Procurement · 25 January 2018

Government outlines final guidance ahead of new data protection laws

The data protection bill will give consumers greater control over personal data

With new data protection laws just four months away, the government has handed final guidelines to business owners yet to prepare for its requirements.

In April 2018, the data protection bill will bring the EU’s General Data Protection Regulation (GDPR) into UK statute books. Primarily, the bill will make it easier for consumers to withdraw consent for the use of their personal data.

The bill will arm the Information Commissioner’s Office (ICO) with greater powers to hold non-compliant organisations accountable. The highest fines for the most serious data breaches will reach £17m or four per cent of turnover.

Fewer than half of UK business owners are aware of new data protection laws, according to new government research, while a quarter of those who were aware had made changes to cyber security procedures by hiring new staff and updating anti-virus software.

Further to the government’s findings, research from Mailjet has found that startup businesses could be least GDPR-compliant. Only 29 per cent of startups surveyed actually encrypted collected data, while just a third had a data breach notification plan in place.

GDPR support for small firms
ICO helpline
Guide to the GDPR
GDPR checklist
12 steps to prepare now

To support business owners yet to understand new requirements, the Department for Digital, Culture, Media and Sport (DCMS) has provided final guidance for firms.

Owners have been advised to document what data the business holds, review privacy notices and consider how it would delete personal data if asked. Hiring a dedicated data protection officer could also help guarantee full compliance.

Speaking from the World Economic Forum in Davos, secretary of state for digital, culture, media and sport, Matt Hancock, said: “We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.

“And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.

“There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up.”



Uber data leak could have earned £17.75m fine under GDPR

After the taxi app concealed a data breach affecting 57m of its users, legal experts suggested Uber would have faced the harshest penalties of incoming data protection rules.


Commenting on the incoming legislation, UK information commissioner Elizabeth Denham said its reforms would “put consumers and citizens first” and force organisations to become transparent and accountable for their actions.

“This is a step change in the law; businesses, public bodies and charities need to take steps now to ensure they are ready,” she said.

“Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people.”

Denham added that companies fully compliant with GDPR generate better consumer trust and gain a competitive advantage.




Praseeda Nair is the editorial director of Business Advice, and its sister publication for growing businesses, Real Business. She's an impassioned advocate for women in leadership, and likes to profile business owners, advisors and experts in the field of entrepreneurship and management.
