GDPR and Data Protection Act 2018
The Data Protection Act 2018 replaced the Data Protection Act 1998, and came into effect on 25 May 2018. It sets out the framework for data protection law in the UK. It sits alongside the UK GDPR and Privacy and Electronic Communications Regulations (PECR).
No matter how large or small the business, anyone responsible for using and collecting personal data has to comply with data protection principles, making sure the information is:
- used fairly, lawfully and transparently
- used for specified purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
If your business handles personal data you should:
- Identify and record what personal data you process, where it comes from, why you have it, what you do with it, where you keep it and how long you keep it for
- Identify and document your lawful basis for processing personal data
- Have policies and procedures in place to comply with the Data Protection Act and for individual’s to exercise their rights over their personal data
- Have policies and procedures in place to keep the personal data you handle secure, including agreements and contracts with any suppliers and third parties you share personal data with
- Train your staff so they understand their responsibilities in handling personal data, including how and when to report a personal data breach
How we can help
No matter where you are on your GDPR journey, whether you are just starting up, working towards, or performing an annual review of your compliance, we can help.
We are happy to assist with
- Implementing policies and procedures
- Personal Data inventory and process flow mapping
- Subject access requests
- Data security incident management
- Data handling process reviews and GDPR compliance reviews
Please get in touch by emailing firstname.lastname@example.org for a chat to see how we can help you.
We can provide standard or bespoke GDPR training depending on your business needs. We will work with you to identify which areas of GDPR you wish to cover and can deliver training at your business premises or at mutually agreed locations close by.