GDPR (Data Protection)
In the UK, the main legislation governing the collection, processing and distribution of personal data is the Data Protection Act 2018 (the DPA), which stipulates that all businesses must properly handle the personal information given to them by individuals, e.g. their customers and employees. It is a European Union (EU) law that came into effect on 25th May 2018 and it governs the way in which we can use, process and store personal data (information about an identifiable, living person).
The law also defines what constitutes a personal data breach: a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
If you handle personal information (and, let’s face it, you are always going to be handling personal information because as a business you have to keep records on your customers), you have a number of legal obligations to protect that information.
The Eight Principles of the Data Protection Act are:
- Fair and Lawful Use, Transparency
- Specific for Intended Purpose
- Minimum Data Requirement
- Need for Accuracy
- Data Retention Time Limit
- The right to be forgotten
- Ensuring Data Security
Information (data) you hold must be:
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security
Ensuring you adhere to data protection policies is crucial, as the effects of non-compliance can be devastating for you and your business.
Protecting consumer information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles.
Data protection comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV.
Following proper data protection procedures is also crucial to help prevent cybercrime, by ensuring that details, specifically banking, address and contact information, are protected in order to prevent fraud.