How well companies are storing your data before the General Data Protection Regulation?
In the past few months, more so in the past few weeks, we have been receiving letters and emails upon emails from companies about privacy policies changing. Most people, if not all are probably thinking about what is all this about; most specifically what is GDPR (General Data Protection Regulation).
The Data Protection Act 1998 until the 25th May 2018 was the UK law governing how personal data is processed, stored and protected by organisations, businesses and even the government.
Controllers with access to this data followed somewhat strict rules known as the ‘data protection principles’ which means that they had to ensure the information they have access to. Data Subject Access Requests (DSAR) is one of the data subject rights conferred under the General Data Protection Regulation (GDPR).
- Used fairly and lawfully
- Utilised for limited, specifically stated purposes
- adequately used, relevant and not excessive
- Kept for no longer than is necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside the EEA without adequate protection
With especially more stringent legal protection for sensitive information such as:
- Ethnic background
- Political opinions
- Religious beliefs
- Sexual health
- Criminal records
If the Data Protection Act 1998 was effective in safeguarding citizens’ personal information then why has the General Data Protection Regulation been introduced and why is every company so serious about incorporating this?
Possibly, because many corporate giants are misusing this information in light of recent advancements and de