
Be ready for new UK data law

A new UK data protection law that’s on its way doesn’t mean it’s OK to forget new European legislation.

News of the UK bill may have reinforced the misconception held by some business people in Sussex, Surrey and Kent that there’s no need to worry about the EU General Data Protection Regulations which come into force next May.

That’s not true. The government has already officially stated that the new law will bring the GDPR into UK law. It’s essentially a cut-and-paste job, which will make it easier to do business in Europe after Brexit.

Right to erase data

Like the GDPR, the UK legislation proposes to make it simpler to withdraw consent for the use of personal data. It allows people to ask for their personal data to be erased and parents will have more control over how their children’s data is used. The definition of personal data will be expanded to include IP addresses, internet cookies and DNA. These are just a few of the many tighter requirements the new UK law will impose.

The penalty for non-compliance could be as high as £17 million or 4 per cent of your company’s annual revenues, whichever is greater.

That’s much more than the penalty imposed by the current UK Data Protection Act and, unlike the old law, any data breaches must be reported in a matter of days. For the GDPR it’s 72 hours – that’s just three days. The UK law is likely to be the same.

Certification helps

So, it’s essential for companies across the South East to take a serious look at all data-related aspects of their business before the new regulations come into force. In fact, it’s best to be compliant with the EU’s requirements before May 2018 because you may have partners who trade in Europe or customers from the continent.

A good, structured way to achieve this is to obtain the government-backed certification from the Cyber Essentials programme. It demonstrates that you’ve got a good information security management system in place and it will help you to focus on tightening up all aspects of IT security because you’re being judged by an external monitoring body.

The ongoing threat of cyber-crime is one big reason why data needs to be stored safely and backed up.

This has been a painful lesson for major companies like FedEx and TNT. They’re reported to be suffering still following the WannaCry ransomware attack that also badly affected the NHS. They clearly didn’t have proper data back-up procedures in place, which is a stark reminder for businesses of all sizes.

Gary Jowett from CNC in Brighton says: “Data protection regulations are being tightened up for the benefit of everyone. So, all UK businesses have to be prepared. The simple fact is the UK will continue to do a substantial amount of trade with its European neighbours and must therefore follow the same standards for data storage and use.”


22nd August 2017 | Legislation
