Public sector bodies must appoint data-protection officer or risk huge fines

Written by Sam Trendall on 9 August 2017 in News
News

DCMS publishes statement of intent for Data Protection Bill

Public sector bodies must appoint a data-protection officer or face sanctions including multimillion-pound fines, the government has announced.

The Department for Digital, Culture, Media and Sport has published a “statement of intent” outlining the proposals of the government’s Data Protection Bill. The bill contains plans to effectively sign into law the EU General Data Protection Regulation (GDPR), as well as introduce additional measures designed to protect UK citizens and businesses.

One of the GDPR’s key measures for public sector bodies is to require them to employ a designated data-protection officer. Government entities must also conduct impact assessments and notify the Information Commissioner’s Office of any data breaches affecting citizens within 72 hours of their occurrence.


Related content


Failure to comply with these measures could see public – and private – sector organisations hit with one of a range of new sanctions afforded to the ICO, including a fine of £17m, or 20% of global turnover – whichever figure is the greater.

Digital minister Matt Hancock said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account. The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world.

He added: “The bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

Other measures introduced in the bill include giving citizens the right to request that social media platforms delete their personal information. The bill also contains proposals to make sites where requiring explicit consumer opt-out become “a thing of the past”, the government said.

GDPR was adopted last year, and becomes enforceable across EU member states in May 2018.

 

Tags

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

DCMS builds team to set government data strategy
16 April 2018

Department recruits for leader of newly created unit dedicated to leading the data policy agenda

We all have something to hide – and the government must let us
21 May 2018

The public sector needs to be careful it does fall foul of citizens’ growing disquiet about how their data is used and by whom, according to PublicTechnology editor Sam Trendall

Hancock vows 'social media companies are not above the law' after Facebook meeting
12 April 2018

Culture secretary talks to executives from embattled internet firm in London in 'robust but constructive' meeting

Will the government’s latest shared services strategy deliver delight or despair to Whitehall?
4 April 2018

Former senior civil servant Andrew Greenway looks at the reasons for both optimism and scepticism as the government embarks on another shared-services rollout