Commenting on the news that Britons could obtain more control over what happens to personal information under proposals outlined by the government, Mishcon de Reya Cyber Security Lead Joe Hancock said:
"These proposals appear to be primarily intended to transfer the European General Data Protection Regulation (GDPR) into UK law, which means that businesses will not have much time to ensure they are compliant by May 2018 when the GDPR comes into force.
"Many businesses still rely simply on data policies to drive compliance, as we have seen with approaches to the current data protection act. This approach has not prevented many incidents of data loss or misuse.
"The GDPR aims to support the wider digital economy and use of personal data and goes much deeper, requiring a business to understand its data and how it is actually managed day to day.
"Transparency and openness are the key to building trust in how businesses process data. Clearly telling customers how you collect their data and use it, in plain English, should go a long way to addressing many of the frustrations with data collection practices.
"These laws are intended to protect individuals, not to penalise businesses: it's entirely possible for businesses to collect and use personal data if it is done in a managed and open way.
"It is clear that privacy and security of data needs to be taken seriously. It seems that many businesses still do not budget for the effort required to do this properly. Getting the basics right and complying with regulation should prevent a lot of the problems we see today.
"For over a year we have been hearing about the large fines that these changes will bring, but the threat alone will not help to improve the levels of data protection.
"As a headline, the right to be forgotten is a positive move for the protection of children and young people. Since 2000, we have a truly digital generation whose entire lives will have been lived online. This right to be forgotten and the wider rights to access, correct and delete data will put individuals in control of their own data."