Public Services > Central Government

Government to introduce new data protection bill

David Bicknell Published 07 August 2017

Bill brings GDPR into UK law and will offer right to be forgotten and to require social media platforms to delete information on children and adults when asked


The government has said it will give people more control over their personal data and be better protected in the digital age, with the introduction of a new Data Protection Bill.

The Bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, with the government claiming that the new bill will “provide everyone with the confidence that their data will be managed securely and safely." It said that research shows that more than 80 per cent of people feel that they do not have complete control over their data online.

Under the bill’s plans, individuals will the right to be forgotten and ask for their personal data to be erased. They will also be able to ask social media channels to delete information posted in their childhood. The bill said the reliance on a default opt-out or pre-selected ‘tick boxes’, “which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.”

The bill refers to the powers available to the data protection regulator, the Information Commissioner’s Office (ICO), to issue fines of up to £17m or 4 per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, minister of state for Digital said, “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. We have some of the best data science in the world and this new law will help it to thrive.”

Elizabeth Denham, the Information Commissioner, said, “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public."

The government said that data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights.

It said those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.

Tom Thackray, CBI Innovation Director, said, "In the modern economy, data has huge value and its innovative use leads to better services and more productive businesses. But firms know that this ability to innovate is dependent on customers having confidence that their information is well protected.

“This legislation strikes the right balance in improving standards of protection while still enabling businesses to explore new products and services.” 

Julian David, chief executive of techUK, said,"The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.

“This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations."


We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.