The current regulations
The Data Protection Act (DPA) is the current enforceable regulation in the UK regarding data protection. It can be described as common sense legislation, which protects people’s personal data and holds to account organisations that mishandle data. Eight principles make up the DPA, they can be seen below:
- Principle 1: Personal Data must be fairly and lawfully processed
- Principle 2: Personal Data must only be processed for a specific purpose
- Principle 3: Personal Data held must be relevant, adequate and not excessive
- Principle 4: Personal Data must be kept accurate and up to date
- Principle 5: Personal Data should only be held for a reasonable length of time
- Principle 6: Personal data shall be processed in accordance with the rights of data subjects
- Principle 7: Personal data must be secured against unauthorised or unlawful processing, accidental loss, destruction, or damage
- Principle 8: Personal Data cannot be transferred to a country outside of the European Economic Area unless adequate levels of protection can be ensured
When the GDPR comes into force on 25th May 2018, you will be required to meet additional requirements, some of which include:
- Each organisation will need to record why they are collecting data on individuals, including for what purpose they intend to use it
- Recording processes of how you work with data and consideration that you have the right consent from each individual
- Securing data, auditing data and privileged access to this data will also become mandatory
- You will need to inform the relevant supervisory authority within 72 hours of your organisation becoming aware of a data breach.
There are many changes like the examples above, that will change your general working practices.
After we leave the EU, we in the UK will still have Data Protection laws. To prepare us for data protection laws post-Brexit, the UK government released a Data Protection Bill.
At be.Infoready our subscription services are designed to keep you up-to-date with current legislative requirements on data protection. Our products are created and defined specifically to cover these two areas:
UK specific data protection training, providing a fully legislative, complaint, verified training tool that takes each user through interactive web-based learning and assessment. Once the final Data Protection Bill has passed into law, you will receive these UK specific updates via your be.Privacy subscription service.
EU GDPR data protection training. Are you holding data on EU citizens? The you need to be.Infoready for the new EU General Data Protection Regulation laws.
Find out more >
For more information and ongoing developments about Data Protection, please follow our blogs and posts on this subject at our website, Facebook page, Twitter and LinkedIn.
Sign up here