Data Protection Act 2018

Made: 23-05-2018 | Laid: 23-05-2018 | Forced: 23-05-2018

Overview


The Data Protection Act 2018 implements the EU data protection laws (GDPR) and by protecting personal data, also gives people more control over use of their data.The Act sets out laws for:

  • General data processing
  • Law enforcement data processing
  • Data processing by the intelligence services
  • Regulatory oversight and enforcement of the legislation

Background

The General Data Protection Regulation (GDPR) is an EU Regulation that came into force in May 2018 and harmonises all data privacy laws across Europe. The legislation is designed to ensure that personal data is protected and it is applicable to organisations operating within the EU whose activities involve the processing of personal data. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Personal data is any information relating to an identified or identifiable person. An identifiable person is someone who can be identified, directly or indirectly, from the data held on them. This could include identification by reference to a name, an identification number, location data, an online identifier (such as an IP number) or to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the person. If you have employees, customers or suppliers it is highly likely that you hold or use some personal data. In addition to the requirements set out in this article, the GDPR includes:

  • An increased territorial scope – the GDPR now places obligations on organisations based outside the EU that process the data of data subjects in the EU
  • The maximum penalty for non-compliance is raised from £500,000 to €20m or 4% of annual global turnover, whichever is greater
  • New accountability principle that requires you to demonstrate that you are compliant with data protection principles
  • Obligations are now placed on processors of personal data in addition to controllers as well as a need for contractual terms to be in place between parties

Please note: Data Protection does not cover Freedom of Information, which is a separate topic and covers (for example) the requirement to provide information held on a topic rather than a person. Please search for 'Freedom of Information Act'

Requirements


Restricted content for registered members

Register to read full article.

Updates & Amendments


Restricted content for registered members

Register to read full article.

Typical Tasks Required


Restricted content for registered members

Register to read full article.

Useful Information


Restricted content for registered members

Register to read full article.