GDPR Data Protection Consultancy UK Europe

UK Data Protection Law

 

What You Need to Know About GDPR



Who Is Affected by GDPR?

The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA) came into effect across the European Union on 25th May 2018. The scope of the GDPR, together with the DPA, is far reaching and will impact all businesses (no matter how small) where they use Personal Data (e.g. that of employees, customers or clients).

The GDPR applies in every country in the EU but also applies to organisations or businesses outside the EU who provide goods or services, or who target recipients with their goods or services, inside the EU. In most cases, even international companies (outside the EU) will hold or use Personal Data belonging to EU citizens or otherwise use that data inside the EU for a variety of purposes. Consequently, all companies will need to demonstrate that they have compliant data protection systems and controls in place and can meet the core principles of the GDPR and DPA. GDPR will continue to apply whether the UK leaves the EU or not.
 

If you are looking for a GDPR data protection consultancy in the UK and would like to learn more about your rights and responsibilities, please get in touch with us at DPP.



 

A Summary of GDPR


Article 5 of the GDPR sets out the ‘core principles’ that all organisations and businesses handling or using personal data in any way, and for any purpose, must meet at all times. These include ensuring that personal data is:

 

 

1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);

3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

5. kept for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);

6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

In addition to this, there are also a number of technical rules and restrictions that prevent organisations and businesses from transferring personal data outside the EU or UK without first ensuring appropriate legal personal data transfer mechanisms have been deployed.

 


 

 

GDPR Data Protection Consultancy in UK and Europe

The GDPR and DPA also set out a number of expanded rights and freedoms for individuals including:

  • The right to access their data
  • The right to be forgotten
  • The right to move their data
  • The right to be informed that their data is being gathered
  • The right to have their data corrected
  • The right to restrict processing of their data
  • The right to stop their data from being used
  • The right to be informed of any data breaches

 


 

Compliance

To comply with GDPR and the DPA, your company will need to act in accordance with the core principles and ensure that the rights and freedoms of individuals can be met by:

  • Having a governance structure in place setting out the roles and responsibilities of individuals within your organisation in regard to data protection
  • Keeping a detailed written record of all personal data processes
  • Carrying out PIAs (Privacy Impact Assessments) for high risk operations
  • Implementing the right technical and organisational measures to preserve the integrity of personal data
  • Conducting staff awareness and training
  • Having compliant websites and cookies technology

 

 


 

 

 

The way companies acquire consent, gather data and manage data has changed substantially, and it will need to be shown that all processes are compliant with GDPR.

Failure to do this could leave you liable to serious penalties and fines from the ICO (up to €20 million or 4% of global turnover, whichever is greater). For a better understanding of GDPR and how it affects your business, get in touch with one of our data protection consultants today.

 


 

GDPR and Brexit

The UK government passed the Data Protection Act in 2018 to work alongside and help tailor the GDPR to the UK, post-Brexit. The GDPR will remain in force in the UK after Brexit including the same penalties and sanctions for non-compliance. By aligning with the EU in this way, the UK will hope to demonstrate that it remains a safe place for individuals’ personal data to be processed whilst ensuring an uninterrupted flow of data (and business) if or when Brexit does occur.

Failure to ensure your business has the right legal controls to successfully import and export personal data from the UK after Brexit could leave you exposed to heavy fines, sanctions, complaints and interruption to your business.

Whilst it is likely that the EU will eventually grant the UK ‘adequacy’ status to facilitate, automatically, uninterrupted flows of personal data once the UK leaves the EU, the reality is that this is unlikely to happen in time for Brexit, meaning you will need to take appropriate legal advice to ensure you meet legal and regulatory requirements if you have any dealings or relationships with other businesses outside the UK.

With the potential still for the UK to leave the EU with ‘no deal’, the impacts of not having the correct procedures and processes in place could be even more acute.  Businesses that process data between the EU and the UK, regardless of the outcome of Brexit, will still need to adhere to EU GDPR and data protection legislation.


 

If you are seeking advice in this area, please get in touch with us at DPP today to learn more.