Question to the Department for Digital, Culture, Media & Sport:

To ask the Minister of State, Department for Digital, Culture, Media and Sport, what steps he has taken to help ensure that (a) website owners' and (b) providers' compliance with GDPR protects the privacy of their (i) customers and (ii) users.

The Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) strengthen the obligations on organisations to process individuals’ data fairly, lawfully and transparently and to keep it safe and secure. It also strengthens individuals’ rights to seek to access, rectify or delete their data.

This legislation is regulated and enforced by the independent Information Commissioner’s Office (ICO). The ICO has issued comprehensive guidance for organisations on how to comply with the legislation and is also working closely with specific sectors to address areas of risk.

If individuals have concerns about the way online services are processing their data, they may wish to complain to the ICO. The ICO has a range of corrective powers and sanctions to enforce the GDPR, including:

• issuing warnings and reprimands;

• imposing a temporary or permanent ban on data processing;

• ordering the rectification, restriction or erasure of data; and

• suspending data transfers to third countries.