UK’s proposed Data Protection Bill looks to go further than GDPR

The new Data Protection Bill, which plans to overhaul the UK’s data protection regulations, has been welcomed by managed services provider (MSP) EACS.

As organisations prepare for the General Data Protection Regulation (GDPR), they need to be aware that the new bill will likely go further than the EU regulations, as they currently stand, particularly in terms of the introduction of new criminal offences and the unlimited fines they may incur.

Keeping in line with the European Union’s (EU) GDPR, the new bill aims to increase trust and confidence in the economy and offers enhanced benefits in terms of data protection. However, there are some potential changes that will bring other financial repercussions for companies that fail to demonstrate compliance.

>See also: UK’s new data protection laws aim to give more control 

“The UK government has put out a very bold statement in that its vision is ‘to make the UK the safest place to live and do business online’,” according to Paul Wilford, cyber security architect at EACS.

“In order for this goal to come to fruition, organisations must view these new laws as an opportunity to get ahead of the game, as opposed to a burden that will hold back their business. Essentially, every organisation is in the same boat and must demonstrate compliance. But forward thinking companies can actually embrace this as a USP by using this grace period to get their houses in order and to reassure both customers and partners that they are ahead of the game and that they are taking data protection seriously.”

>See also: The Queen’s Speech: a technological revolution?

For example, the bill states that The UK Government will “create a new offence of altering records with intent to prevent disclosure following a subject access request”. The scope of the offence would apply not only to public authorities but to all data controllers and processors. The maximum penalty would be an unlimited fine in England and Wales or a Level 5 fine in Scotland and Northern Ireland.

For Wilford, although this suggests that there may be greater financial repercussions, there will be long term benefits to the UK’s digital economy.

“This is a welcome piece of legislation and one that will make the UK a much more attractive place to do business with. However, organisations need to be savvy to certain elements that differ from GDPR. By way of example, an organisation could potentially be fined for a breach, or they could be fined for lack of compliance even if it hasn’t actually been breached. But there are also some new additions as well, such as a new offence for ‘intentionally or recklessly re-identifying individuals from anonymised or pseudonymised data’.”

>See also: GDPR: Out with the old in with the EU 

“Offenders who knowingly handle such data will also be guilty of an offence and the maximum penalty will be an unlimited fine. Elements like this are beyond the original message of GDPR and suggest that that the UK is actually bolstering the legislation.”

“There will no doubt be growing pains on the road to compliance but it will be good for the UK’s digital economy in the long term. As the digital economy continues to grow, having clear safeguards in place will help the UK deliver on its promise to make the UK the safest place to live and do business online,” concluded Wilford.


The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Data Protection Bill