Councils uncertain over effect of European Union General Data Protection Regulation fines

Written by Colin Marrs on 18 December 2015 in News

Public bodies may not be able to escape fines of up to 4% of turnover set to be introduced under new European data protection rules.

The fines have been agreed as part of a draft General Data Protection Regulation which is aimed at regulating the processing of citizens’ data across the continent.

Businesses breaching the rules face the massive fines, but the text of the new directive allows the UK government to restrict the scope of the rules under a number of circumstances which are likely to cover government.

The text says that union state law “may restrict…the scope of the obligations and rights…when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure” to safeguard a number of public interest areas.

These areas include national security, defence, public security, preventing crime, preventing breaches of professional ethics plus “other important objectives of general public interests of the union or of a member state, in particular an important economic or financial interest of the union or of a member state, including monetary, budgetary and taxation a matters, public health and social security”.

Related content

Half of public sector 'unaware of data protection proposals'
Driving Down IT Costs for the Public Sector

The exemptions can also cover inspection or regulatory functions related to the defined areas of public interest.

However, David Cook, solicitor at PricewaterhouseCoopers Legal, told PublicTechnology: “It is unclear how likely it is that all government bodies will be exempted from the regulation.  However, it does appear unlikely that absolutely every government body will be given such a blanket shield and, in many respects, such an outcome would be contrary to the spirit of the GDPR and the intention of the EU in seeking to strengthen the position of a data subject as champion of the data.”

“For the same reasons, it is unlikely that the government will seek to exempt private partners holding citizens' personal data, although some may be exempted for very specific reasons.”

Des Ward, information governance director at public services industry association Innopsis said that there is little need for public bodies to worry, even if the UK government does not exempt them.

He told “Simply put, there is a lot being made of the GDPR, but the fact is that the 4% fine is not a reason to lock everything down.  

“Indeed, the amount of IT budget being wasted in unnecessary storage and protection just because some sensitive data may be in there could be vastly reduced due to the requirement to ensure that data can be moved between providers easily.”

This, he said, could mean that GDPR helps customers understand their information better, resulting in better identification and management of requirements throughout the supply chain.

He pointed out: “The personal data held within corporations at present is already governed by other laws, such as Companies Act, Civil Contingencies Act and basic common law; the GPDR should be taken in context of these laws so ensure that we protect what we must and manage the risks of delivering digital services.”

Cook added: “Public bodies do need to engage in the process and, whether they or not they end up being an exempted category, the rights of data privacy promoted by the regulation will still be an important factor in the post-reform world, whether or not enforced by the harsh regulatory regime underpinning the GDPR.”

The deal will now be put to a vote by Parliament as whole in spring 2016 (probably in March or April), after which member states will have two years to transpose the provisions of the new directive into their national laws.

Last year, a survey found that half of public sector organisations were unaware of the proposed European regulation.

Share this page



Please login to post a comment or register for a free account.

Related Articles

Cyber national security: how the UK has prepared itself for major attacks
6 July 2020

We are approaching the fourth anniversary of the foundation of the NCSC and the threats it was created to respond to loom larger than ever. PublicTechnology examines the growth of the UK’...

DCMS quizzed over guidance for dating sites
12 May 2020

No specific guidance has been issued for sector, but minister says department would ‘expect everyone to be aware’ of social distancing 

How Denmark aims to ‘create trust’ in contact-tracing tech
7 May 2020

The CEO of Danish tech firm NetCompany tells PublicTechnology why the country’s existing digital infrastructure could help encourage adoption of its soon-to-launch coronavirus...

Related Sponsored Articles

Interview: CyberArk EMEA chief on how government has become a security leader
29 May 2020

PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right