Public sector bodies must appoint data protection officer under new data regulations, UK Government announces

Written by Sam Trendall on 11 August 2017 in News

The DCMS has published a statement of intent for its Data Protection Bill ahead of GDPR coming into force next year

Data - Image credit: Janet McKnight via Flickr

Public sector bodies must appoint a data protection officer or face sanctions including multi-million pound fines under new data regulations, the UK Government has announced.

The Department for Digital, Culture, Media and Sport (DCMS) has published a ‘statement of intent’ outlining the proposals of the UK Government’s Data Protection Bill.

The bill contains plans to effectively sign into law the EU General Data Protection Regulation (GDPR), as well as introduce additional measures designed to protect UK citizens and businesses’ data.


One of the GDPR’s key measures for public bodies is to require them to employ a designated data protection officer.

Organisations must also conduct impact assessments and notify the Information Commissioner’s Office (ICO) of any data breaches affecting citizens within 72 hours of their occurrence.

Failure to comply with these measures could see public and private sector organisations hit with one of a range of new sanctions afforded to the ICO, up to a maximum fine of £17m or 20 per cent of global turnover, whichever figure is the greater.

UK digital minister Matt Hancock said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world.

He added: “The bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.

“We have some of the best data science in the world and this new law will help it to thrive.”

Other measures introduced in the bill include giving citizens the right to request that social media platforms delete their personal information.

The bill also contains proposals to making sites requiring consumers to opt-out of data being held “a thing of the past”, the UK Government said.

Under GDPR consent must be clearly given for personal data to be used, for example, to be added to a mailing list. It cannot simply be the default.

GDPR comes into force across EU member states in May 2018.



Related Articles

More than 800,000 premises in Scotland can now access superfast broadband
23 October 2017

The Scottish Government is on track to meet its commitment to 95 per cent broadband coverage by the end of 2017

Robots, connectivity and digital skills: progress on digital in Scotland
21 June 2017

With technology now permeating all aspects of life, there is a need for leadership as the public sector pushes to keep up with the pace of change

Minimum broadband speed set at 10Mbps in Digital Economy Bill despite peers’ amendment
3 May 2017

The UK Government rejects a House of Lords amendment to boost minimum speed to 30 Mbps, citing “serious concerns” about ability to deliver

Interview: Shirley-Anne Somerville on the Scottish Government's work towards a STEM strategy
7 April 2017

The Scottish Government published its draft STEM education strategy in November and work is now underway on the final version

Related Sponsored Articles

Associate feature: 5 ways IoT is transforming the public sector
5 February 2018

Vodafone explores some of the ways IoT is significantly improving public sector service delivery

Associate feature: Who keeps your organisation secure?
19 February 2018

BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.

Share this page