Data Protection Rules to Change

The EU has decided that the UK is being too lax in implementing data protection law, so some key changes will take place later this year. Companies with 250+ employees must employ a data protection officer, whose role will be to ensure that they handle the personal information of staff and customers correctly.

The Information Commission has also stated it will ensure that:
People will have easier access to their own data, and will find it easier to transfer it from one service provider to another.

Users will have the right to demand that data about them be deleted if there are no “legitimate grounds” for it to be kept.

Organisations must notify the authorities about data breaches as early as possible, “if feasible within 24 hours”.

In cases where consent is required, organisations must explicitly ask for permission to process data, rather than assume it.

From May 2012, organisations that break the rules will face severe penalties – up to £500,000 for companies that are guilty of breaches.

Individuals who fail to notify the Information Commission that they are processing personal information may be fined up to £1,000.