LONDON — Companies that expose their customers information in data breaches could face far harsher penalties — including fines of up to 4% of their global annual turnover.
On Monday, the British government announced plans to strengthen UK data protection law with the a new Data Protection Bill.
Among the plans laid out in the bill is to give the ICO (Information Commissioner's Office) regulator the power to fine companies up to £17 million, or 4% of global turnover, in the "most serious data breaches."
It's a significant increase — the maximum fine that the ICO can currently levy is for £500,000.
The Data Protection Bill will also make it easier for people to withdraw consent for the use of their personal data, and expand the definition of "personal data" so that it includes DNA, internet cookies, and IP addresses, among other changes.
In a statement, secretary for digital Matt Hancock said: "Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
"The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive."