Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps she is taking to ensure individual personal data is secure.

All organisations in the UK that process personal data have to comply with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Amongst other things, the legislation requires organisations to have appropriate technical and security measures in place to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Under the Data (Use and Access) Act, the Information Commissioner, the UK’s independent regulator for data protection, will have strengthened enforcement powers to hold organisations accountable in a rapidly evolving digital landscape.