UK ramps up cyberdefence, strengthening data protection and guidelines on smart car hacking

The British government is ramping up its cyberdefence by issuing new, stricter guidelines to help protect smart cars from hackers. The government said that it was concerned over how hackers could steal personal data, hijack control of cars and do more by hacking into smart cars.

The UK government also issued a "statement of intent" detailing plans to strengthen the nation's data protection laws. The new measures would allow people to have "greater control over personal data", including the right to be forgotten and enforcing social media platforms to delete information when requested by users.

Smart car cybersecurity guidelines

The UK's new cybersecurity guidelines for smart cars will also ensure that engineers and manufacturers design and build a new generation of smart cars that come with tougher cyber protections that "help design out hacking."

"Whether we're turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks," transport minister Lord Callanan said in a statement. "Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations."

New data protection laws

Under UK's new data protection laws, businesses will also be supported to make sure that they are able to handle data securely. Organisations that refuse to delete data when requested or fail to report data breaches, could be fined up to £17m or up to 4 percent of their global turnover.

The government claims that the new bill will:

• Make it simpler to withdraw consent for the use of personal data
• Allow people to ask for their personal data held by companies to be erased
• Enable parents and guardians to give consent for their child's data to be used
• Require 'explicit' consent to be necessary for processing sensitive personal data
• Expand the definition of 'personal data' to include IP addresses, internet cookies and DNA
• Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
• Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
• Make it easier for customers to move data between service providers

Under the new law, some aspects of the GDPR will mean that businesses will be required to notify the government about loss of personal data within 72 hours. Businesses have around 10 months to ensure that their systems are compatible to meet the requirements of the new law.

"The Bill includes tougher rules on consent, rights to access, rights to move and rights to delete data. Enforcement will be enhanced, and the Information Commissioner given the right powers to ensure consumers are appropriately safeguarded," said Matt Hancock, Minister of State for Digital.