The Government has not made an assessment of the use of taxation as a disincentive to the processing of personal data. The better use of data can help organisations of every kind succeed – across the public, private and third sectors. Data can be a driver of scientific and technological innovation, and central to the delivery of a whole range of vital public services and societal goals, from tackling climate change to supporting the National Health Service.
All organisations in the UK that process personal data, whether large or small, have to comply with the requirements of the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). The DPA and the GDPR strengthen the obligations on companies to process people’s data fairly, lawfully and transparently and to keep it safe and secure. It also strengthens people’s rights to seek to access, rectify or delete their data.
The legislation is regulated and enforced by the independent Information Commissioner’s Office (ICO). The ICO has issued comprehensive guidance for organisations on how to comply with the legislation and works closely with specific sectors to address areas of risk.
The ICO has a range of corrective powers and sanctions to enforce the GDPR, including:
issuing warnings and reprimands;
imposing a temporary or permanent ban on data processing;
ordering the rectification, restriction or erasure of data; and
suspending data transfers to third countries.