Individuals will be able to legally ask businesses to delete certain personal data under new proposals outlined in the Data Protection Bill.
The Bill forms part of the EU’s General Data Protection Regulation (GDPR), which is due to come into effect on the 25th of May 2018.
The legislation will allow individuals to have greater control over their personal data. This will include the right to fully close accounts or for the data you have stored about them to be erased.
Some of the proposals outlined in the Bill include:
- It will be easier for people to withdraw consent for the use of their personal data
- People will be allowed to ask for their details to be deleted
- Companies will be required to obtain ‘explicit’ consent when they process sensitive personal data
- It will be more straightforward for people to require firms to disclose the personal data they hold on them
Adam Marshall, director general of the British Chambers of Commerce, said:
“This is a complex set of changes, so firms must be helped to get them right – and no small or medium-sized business working hard to adapt to the new regime should be hauled over the coals for unintentional mistakes in the early days.”
Businesses need to manage and secure data property because they risk significant fines if they fail to protect data or suffer a breach.
Some steps you can take to prepare for GDPR include:
- Review and update your existing data protection policies
- Review and update your policies and privacy notices
- Ensure that you have suitable systems in place to manage any potential data breaches