The Data Protection Act 2018 implements the EU data protection laws (GDPR) and by protecting personal data, also gives people more control over use of their data.The Act sets out laws for:
The General Data Protection Regulation (GDPR) is an EU Regulation that came into force in May 2018 and harmonises all data privacy laws across Europe. The legislation is designed to ensure that personal data is protected and it is applicable to organisations operating within the EU whose activities involve the processing of personal data. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
Personal data is any information relating to an identified or identifiable person. An identifiable person is someone who can be identified, directly or indirectly, from the data held on them. This could include identification by reference to a name, an identification number, location data, an online identifier (such as an IP number) or to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the person. If you have employees, customers or suppliers it is highly likely that you hold or use some personal data. In addition to the requirements set out in this article, the GDPR includes:
Please note: Data Protection does not cover Freedom of Information, which is a separate topic and covers (for example) the requirement to provide information held on a topic rather than a person. Please search for 'Freedom of Information Act'