GDPR/ Data Protection Act 2018 - Why the changes?

The Data Protection Act 1998, which prior to May 2018 provided our legal framework for data protection in the UK, was 20 years old and needed updating to reflect not only the advances in technology, with the introduction of smartphones and tablets, but also the advances in social media.  It’s hard to believe that the Data Protection Act 1998 was introduced at a time when there was no social media such as Facebook, Twitter, LinkedIn, WhatsApp!

These advances mean big business, and recent analysis predicts that data will benefit the UK economy by up to £241 billion between 2015 and 2020. (CEBR & SAS (2016), The Value of Big Data and the Internet of Things to the UK Economy.)

 

What should I be doing?

The GDPR/ Data Protection Act 2018 place great emphasis on the words like accountability and transparency. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the new legislation emphasis elevates their significance.

The new accountability principle in requires you to demonstrate that you comply with the principles. This is your responsibility.  This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies, and that is where we come in.  We aim to make that process as easy as possible for you by providing you with training materials and policies and other material to show compliance with the GDPR/ Data Protection Act 2018.

Similarly with transparency you are required to provide information to customers in clear, intelligible format, as well as offering real choice and control to your customers about how you use their personal data.  We can help with that by providing an easy to understand privacy policy or data protection policy as well as guidance for your staff to help them understand the organisations obligations.