0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

a summary of anticipated data protection reforms

5 March 2013

Data protection in the UK is currently governed by the Data Protection Act 1998 (DPA). The DPA implements the European Union Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Directive).

On 25 January 2012, the European Commission published details of Data Protection Regulations (the Regulations), which aims to repeal the Directive and put in place a harmonised framework across the EU for the protection of personal data. Among the changes, the Regulations will:

  • give strengthened investigatory powers for data protection authorities and the power to impose fines for compliance failures
  • give new rights to individuals, including data deletion
  • introduce data breach notification obligations
  • apply to data controllers established outside of the EU if their processing is aimed at individuals residing within the EU
  • remove the fee and reduce time frames for subject access requests
  • impose legal obligations upon data processors for the first time
  • require companies with a certain number of employees to have a data protection officer

Expansion of data protection law

The definition of personal data will be broader than in the DPA; this will consequently extend protection in the UK. There will also be a change in relation to consent. At present, implicit consent is sufficient in many circumstances in the UK. However the Regulations provide that in most instances where consent is required for data to be processed, it would have to be given explicitly. Individuals’ rights to access their own data would also be enhanced, as individuals will be able to request a copy of data held about them in a reusable, electronic format. Finally, data processors would have direct obligations under the legislation for the first time.

Impact on UK businesses

The Regulations will replace the collage of laws across the 27 member states with a single data protection framework. Businesses will have to deal with their “home state” data protection authority and the authorities in each country will be required to collaborate. This is likely to save both time and money; however, the additional administrative burdens are likely to outweigh the benefits.

The Ministry of Justice undertook an impact assessment in November 2012 and reviewed the likely cost incurred by implementing this new regime. The MOJ estimates that the annual net cost to UK businesses, the public sector and charities would be at least £100m each year. Furthermore, small businesses are likely to be hit the hardest.

Without doubt, there is an argument for reviewing the current data protection regime, which is a principles based regime. Numerous vast technological advances have been made since 1995, including the expansion of and greater accessibility to the internet and social media. However, the current form of the proposal is likely to be overly prescriptive, with some matters open to potentially unclear delegated acts and it is highly likely that it will prove to be a costly exercise.

focus on...

Legal updates

Non-payment of insurance premiums during the Coronavirus pandemic

The forced closure of many businesses as a result of the Coronavirus pandemic has had a huge impact on the nation’s Gross Domestic Product (GDP). Recent reports from the Office for National Statistics state that the economy was 25% smaller in April than it was in February this year.


Legal updates

Reinstatement for property damage losses – when does it apply?

The Court of Appeal has recently considered the correct test for measuring the indemnity for property damage losses and has provided useful guidance on whether an insured needs to intend to reinstate the property to its pre-loss condition.


Legal updates

Coronavirus (COVID-19) insurance considerations

With instances of COVID-19 rapidly increasing throughout the UK, many businesses are considering the options available to limit staff and customer exposure to Coronavirus.


Legal updates

Financial Services – ‘Duty of Care’ Bill: consumer protection or damp squib?

The Financial Services Duty of Care Bill (the “Bill”) was introduced into the House of Lords in October 2019 and had its second reading on 9 January 2020.


The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.

mailing list sign up

Select which mailings you would like to receive from us.

Sign up