The General Data Protection Regulation (GDPR), which came into force on May 25th, 2018, brought much-needed reform to the regime of the Data Protection Act 1998 (DPA). Many felt the reform was long overdue, as the DPA was no longer fit for the purpose for which it was originally designed. The DPA 1998 required any business in the United Kingdom that collected, stored or processed an individual's personal details and information to adhere to the regulations it defined.
Businesses that did not adhere to these regulations could be fined up to £500,000 for failure to comply with the Data Protection Act. Fines issued under the DPA were typically for data breaches, and in practice they were rarely issued. However, the Data Protection Act had become outdated, because the way businesses manage and use personal data has completely changed: online shopping, social media, data analysis and online marketing all rely on personal data and behavioural trends.
A breach of the Data Protection Act occurs when personal data is used or processed unlawfully, for example when an individual does not know that their data is being used for online marketing, or for any other kind of marketing or business purpose, that they never permitted the organisation to use it for.
Summarising the principles of the DPA
The Data Protection Act 1998 applied to all UK-based businesses and organisations holding or processing individuals' personal data and information. A set of guidelines was available for businesses, mainly for self-management.
The key points of the Data Protection Act (DPA) are set out below; these were the eight principles that businesses needed to comply with to meet the regulations set out by the DPA. Businesses and organisations must ensure that personal data is:
- used fairly and lawfully;
- obtained and held only for specified purposes, and not processed in any manner incompatible with those purposes;
- adequate and relevant, and by no means excessive;
- accurate and kept up to date;
- not retained for longer than necessary for the purpose it was collected for;
- processed in accordance with the rights of the individuals it concerns;
- securely stored and processed, with appropriate technical and organisational measures against unauthorised access, loss or damage;
- not transferred outside the UK, or the wider European Economic Area, unless adequate legal protection is in place.
Any business found to be in breach of the Data Protection Act 1998 could receive financial penalties of up to £500,000 from the Information Commissioner's Office (ICO). With the urgent need for the DPA to be reviewed, it was replaced by the EU General Data Protection Regulation (GDPR), supplemented in the UK by the Data Protection Act 2018. In summary, every business in the EU needed to comply with the GDPR from May 25th, 2018, or potentially suffer much stiffer financial penalties: up to €20 million or 4% of annual worldwide turnover, whichever is higher.
GDPR, the replacement for the Data Protection Act 1998
If you have a business in the EU, then you will be aware of the General Data Protection Regulation (the GDPR). It all started in 2012, when the European Commission laid down the basis for reform of data protection to be applied across all member states of the EU. These reforms were put in place to ensure that Europe keeps pace with an ever-evolving digital revolution that requires extra safeguards and protection for users who readily divulge private information online. The implications of this new legal framework apply not only to all organisations in Europe but also to any organisation anywhere in the world that processes the personal data of individuals within Europe.
What are the main entities of the GDPR?
Under the GDPR there are three key roles:
- The data controller. This may be a natural or legal person, public authority, agency or other body. Ultimately, the data controller is the body that determines "the purposes and means of the processing of personal data".
- The data processor. Again, this may be a natural or legal person, public authority, agency or other body; it carries out the actual processing of personal data on behalf of the controller.
- The Data Protection Officer (DPO). This role was introduced by the GDPR and is mandatory for public authorities and for organisations whose core activities involve large-scale, regular monitoring of individuals or large-scale processing of special categories of data. The DPO's task is to ensure that an organisation processes the personal data of its staff, customers, data providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
The GDPR places a higher level of liability upon processors and controllers, who are legally required to ensure that GDPR compliance is in place across the organisation and in all third-party contracts.
- The backbone of the GDPR is to ensure there are solid standards for the protection and privacy of personal data held by organisations, while also ensuring that businesses can benefit from the global digital economy.
- The regulations were developed over many years to reflect how we live now, in the digital era, focusing especially on the areas of protection, privacy and consent.
- The GDPR was designed not only to regulate but also to facilitate cross-border business on the internet, by harmonising the data protection rules that apply across all member states.