The Data Protection Act controls how your personal information is used by organisations, businesses or the government.
If you’re responsible for using data, you need to be aware of the strict rules you have to follow. These rules, called the data protection principles, are designed to make sure the information is:
- Fairly and lawfully used
- Used for limited and specifically stated purposes
- Used in a way that is adequate, relevant and not to excess
- Kept for no longer than is absolutely necessary
- Handled in accordance with people’s right to data protection
- Securely stored
- Not transferred, without adequate protection in place, beyond the European Economic Area
General Data Protection Regulations (GDPR)
The legal requirements regarding Data Protection in the UK have not been amended since the Data Protection Act in 1998. Now all is about to change with the introduction of the General Data Protection Regulations (GDPR) in May 2018.
This is a piece of European legislation affecting all members of the European Union. Even though the Brexit process is set to take us out of the EU, this legislation will apply to the UK whilst we remain a member of the EU, and its provisions are expected to be adopted within whatever range of legislation we retain post-Brexit.
The GDPR regulations have potentially far-reaching consequences for small to medium-sized businesses that may not currently have an issue with data protection and/or data processing, but that are unlikely to be compliant with the new regulations as things stand at present.
If you would like to ensure you are compliant with GDPR, or at least know what is required to become compliant, invite GO Legal HR to carry out an audit of your current data protection practices. We can quickly compare these to the requirements under the new act, to at least ensure you are aware of any gaps and of what the consequences of a breach of the new act may involve.