Data Protection Act 2018

  •   GDPR Summary

    The key changes included in the General Data Protection Regulation (GDPR):

    • The Regulation will enforce tough penalties – proposed fines up to 4% of annual global revenue or €20 million, whichever is greater.

     

    • Even though the UK will not be in the EU post-Brexit, we will still have to comply with the Regulation. Although regulation beyond EU borders will be a challenge, those providing products or services to EU customers or processing their data may have to face the long arm of the law if an incident is reported.
    • Keeping up with GDPR requirements

      The EU General Data Protection Regulation (the “Regulation”) came into effect on 25 May 2018, replacing the Data Protection Act 1998. The GDPR requirements largely repeat the security principles set out in the DPA, although with a much tougher regime and more severe sanctions for breach.

      This change has brought about business challenges for which there is little, if any, legislative or regulatory clarity at present.

       1. How does controller and processor liability work in practice?

    • Subject Access Request and Confidential References

      A Subject Access Request (SAR) is a written request from an individual, in relation to their access to information, which they are entitled to ask for under the Data Protection Act.

      There has been some debate on what must be included in an SAR, most recently in relation to the inclusion or exemption of confidential references. Previously, under the Data Protection Act 1998, employees had the right to access their personal information, including references from current or former employers, although employers did have the right to refuse disclosure of this information to the employee. In this instance, an employee could overrule the employer’s decision by applying to the recipient employer regarding their reference, whereby the employer could not decline disclosure.

    • Territorial Scope of GDPR

      A common scenario involves country-level sites managed by a central team with some in the EU, and some outside. 

      The question is, will all the sites be in scope of GDPR as EU visitors may access any of the sites while visiting those countries?

    • Data processor

      A cloud service provider of apps and storage for businesses is a data processor. However, that does not mean it is exempt from appointing a Data Protection Officer (DPO) if the data processed presents potential risks to the rights and freedoms of others, or involves large-scale systematic processing.

    •  Right to be forgotten

      Companies need to consider what technical measures they can take in an effort to adhere to the data subject's right to erasure, or 'right to be forgotten'.

      Anonymisation ensures that the anonymised data is no longer identifiable to a person. Therefore, it is no longer considered personal data under GDPR. Where anonymisation has been done, and a subject access request (SAR) follows, you would then be able to explain that you no longer have personal data related to that subject on your database. That said, anonymisation is very hard to achieve perfectly and leaves some risk unless performed properly.

    • Data Protection Officer

       Under the GDPR, you must appoint a data protection officer (DPO) if you:

      1) are a public authority (except for courts acting in their judicial capacity);
      2) carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or

      3) carry out large scale processing of special categories of data or data relating to criminal convictions and offences.
