Background to the GDPR and the UK Data Protection Act 2018
Technological change means personal data is now so important and valuable to organisations that it’s been described as the “new oil”.
In May 2018, redesigned legislation protecting personal data came into force across the EU, including the UK. It’s creating a whole new industry surrounding GDPR compliance, but for people who aren’t data protection professionals, the language used can be confusing and misleading.
This page provides some basic background explaining why legislation was needed and the implications for your organisation.
PERSONAL DATA – THE ‘NEW OIL’
Every organisation now relies on personal data for
Why legislation was needed
- Even if it was sensitive, private or unnecessary
- Without a specific purpose
- Without ever deleting it
- Without suitable protections
The previous legislation was 20 years old, and hadn’t kept up with new technology or consumer trends.
THE GDPR AND DATA PROTECTION ACT 2018
The GDPR is new, EU-wide, legally binding legislation
- Access their data, ensure it is correct, modify it or have it deleted
- Receive it from the organisation in a portable format
- Sector-specific (e.g. FCA / Caldicott / NHS DSPT)
- Information security (e.g. ISO 27001)
- International (Privacy Shield etc.)
- Privacy and Electronic Communications Regulations (PECR)
What should organisations be doing?
- are a public body
- process data on a large scale
All organisations must be TRANSPARENT in the way they process personal data and ACCOUNTABLE for doing so.