Councils uncertain over effect of European Union General Data Protection Regulation fines

Written by Colin Marrs on 18 December 2015 in News

Public bodies may not be able to escape fines of up to 4% of turnover set to be introduced under new European data protection rules.

The fines have been agreed as part of a draft General Data Protection Regulation which is aimed at regulating the processing of citizens’ data across the continent.

Businesses breaching the rules face the massive fines, but the text of the new directive allows the UK government to restrict the scope of the rules under a number of circumstances which are likely to cover government.

The text says that union state law “may restrict…the scope of the obligations and rights…when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure” to safeguard a number of public interest areas.

These areas include national security, defence, public security, preventing crime, preventing breaches of professional ethics plus “other important objectives of general public interests of the union or of a member state, in particular an important economic or financial interest of the union or of a member state, including monetary, budgetary and taxation a matters, public health and social security”.

Related content

Half of public sector 'unaware of data protection proposals'
Driving Down IT Costs for the Public Sector

The exemptions can also cover inspection or regulatory functions related to the defined areas of public interest.

However, David Cook, solicitor at PricewaterhouseCoopers Legal, told PublicTechnology: “It is unclear how likely it is that all government bodies will be exempted from the regulation.  However, it does appear unlikely that absolutely every government body will be given such a blanket shield and, in many respects, such an outcome would be contrary to the spirit of the GDPR and the intention of the EU in seeking to strengthen the position of a data subject as champion of the data.”

“For the same reasons, it is unlikely that the government will seek to exempt private partners holding citizens' personal data, although some may be exempted for very specific reasons.”

Des Ward, information governance director at public services industry association Innopsis said that there is little need for public bodies to worry, even if the UK government does not exempt them.

He told “Simply put, there is a lot being made of the GDPR, but the fact is that the 4% fine is not a reason to lock everything down.  

“Indeed, the amount of IT budget being wasted in unnecessary storage and protection just because some sensitive data may be in there could be vastly reduced due to the requirement to ensure that data can be moved between providers easily.”

This, he said, could mean that GDPR helps customers understand their information better, resulting in better identification and management of requirements throughout the supply chain.

He pointed out: “The personal data held within corporations at present is already governed by other laws, such as Companies Act, Civil Contingencies Act and basic common law; the GPDR should be taken in context of these laws so ensure that we protect what we must and manage the risks of delivering digital services.”

Cook added: “Public bodies do need to engage in the process and, whether they or not they end up being an exempted category, the rights of data privacy promoted by the regulation will still be an important factor in the post-reform world, whether or not enforced by the harsh regulatory regime underpinning the GDPR.”

The deal will now be put to a vote by Parliament as whole in spring 2016 (probably in March or April), after which member states will have two years to transpose the provisions of the new directive into their national laws.

Last year, a survey found that half of public sector organisations were unaware of the proposed European regulation.

Share this page



Please login to post a comment or register for a free account.

Related Articles

NHS signs £4.5m deal to ‘transform’ demographic data use and better match patients to records
20 May 2022

Work aims to make it easier for NHS number to be found, which contract says will help reduce issues such as false death notices

Revealed: Vaccine Damage Payment Scheme expects up to 2,500 Covid claims with £6m medical assessment firm appointed
18 May 2022

Commercial documents reveal existing scheme for rare instances of severe adverse reactions expects approximately twentyfold increase in usage

HMRC kick-starts project to create £180m digital one-stop-shop for UK traders
17 May 2022

Digital supplier sought to support work over the coming year

Ransomware: Cabinet minister sounds alarm over ‘greatest cyberthreat to the UK’
16 May 2022

Steve Barclay urges greater reporting of attacks