The GDPR Regulation of May 25th, 2018 provided much-needed improvements to the Data Protection Act (DPA) of 1998. It was felt by many to be long overdue, with the DPA. No, longer fit for the purpose for which it was originally designed. The guideline of DPA 1998 stated that business in the United Kingdom. That is collecting, storing or processing an individual’s details and information. Must, adhere to the regulations as defined by the Data Protection Act of 2018.
For businesses that did not adhere to these regulations, fines could be issued to the organisations of up to £500,000 for failure to comply with the Data Protection Act. Any fines issued under the DPA were typically for data breaches and very often not issued. However, the Data Protection Act had become outmoded because businesses have changed the ways to manage and use personal data. With online shopping, social media due to analysis and online marketing using personal data and trends.
Breach of Data Protection Act is to use or process the personal data illegally, or the person doesn’t know that his data/information is in use for online marketing or any marketing/business that the user didn’t allow the organisation to use their information.
Summarising the principles of the DPA
The Data Protection Act NI applies to every business and organisation based in UK. That was processing an individual’s personal data and information. A set of guidelines, mainly for self-management, were available for businesses.
The keys points of the Data Protection Act (DPA) are set out below; these were the fundamental points that businesses needed to comply with to meet the regulations set out by the DPA. Businesses and organisations must ensure that personal data is
- Used properly and legally;
- is gathered, held and processed for only specified purposes;
- the information should be sufficient and relevant and by no means excessive;
- should be accurate and kept up to date;
- data should not be retained for an excessive period if no longer applicable;
- individual’s rights must not be forgotten when processing data;
- the data is securely stored and processed;
- should not be transferred outside of the UK unless sufficient legal protection is in place.