Everyone is talking about Data Protection!
What does it mean? The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. This act was established to control how customer or personal information is used by organisations or government bodies. It is an act that protects us all and creates rules about how data regarding people can be used.
The DPA applies to information or data about living people that is stored on a computer or in an organised paper filing system. The Data Protection Act was replaced in May 2018 by the General Data Protection Regulation (GDPR).
Why is the Data Protection Act important?
If you do not adhere to the rules set out by the DPA you risk prosecution by the Information Commissioner’s Office (ICO). Fines can reach up to £500,000 and, in some cases, prosecution can lead to imprisonment. That is before considering the damage to your brand if customers lose their trust in you.
The Data Protection Act is important: it provides guidance and best-practice rules for businesses and government on how to use personal data, including:
• Regulating the processing of personal data
• Protecting the rights of the individuals the data is about
• Enabling the data protection authority (the ICO) to enforce the rules
• Holding organisations liable to fines in the event of a breach of the rules
The DPA’s rules are very thorough and cover guidelines on the sharing of data and on data security. At the heart of it are eight common-sense rules, known as the ‘data protection principles’, that all organisations collecting and using personal information are legally required to comply with. The law provides stronger protection for more sensitive information such as:
• Ethnic background
• Political opinions
• Religious beliefs
• Sexual life
• Criminal history
How will Brexit affect data protection?
Since the 2016 vote to leave the EU, it has been hard to ignore the negotiations between the UK and the other EU countries over the ‘divorce’ deal, which sets out precisely how the UK leaves.
Data protection is unlikely to be at the forefront of people’s minds given the wider impact of Brexit, whether the outcome is a soft deal, a hard deal or no deal at all. The UK government has, however, issued papers on several topics in a ‘no deal’ situation, one of which is titled ‘Data protection if there’s no Brexit deal’.
This means you cannot assume that you may continue to transfer the personal data of EU data subjects out of the EEA. If you transfer data when you should not, you may be fined or face other sanctions.
What the ICO are saying
To help organisations prepare for a ‘no deal’ Brexit, the ICO has published a short guide for UK businesses: ‘Six Steps to Take’. We have included the link at the bottom of this article.
1. Continue to comply with GDPR and follow ICO guidance.
2. Transfers to the UK: Review data flows and identify where your organisation receives data into the UK from the EEA, to ensure sufficient safeguards are in place to allow the continued flow of personal data.
3. Transfers from the UK: Identify data flows to countries outside of the UK, as these will fall under new UK transfer and documentation provisions.
4. European operations: For organisations that operate across Europe, data flows, processing operations and group structures should be reviewed to fully understand the effect of Brexit on operations.
5. Documentation: Identify privacy documentation that may need to be updated when the UK leaves the EU.
6. Organisational awareness: Ensure key people in the organisation are aware of these key issues and that plans are up to date.
Leaving the EU – Six steps to take
After reading this article we would like to ask you: Do you have a handle on your data protection? Are you doing enough?
It’s all about having good governance of your data protection. Please do get in touch and we can organise a Health Check for your business to ensure you are doing all you can to be compliant. We have a very skilled and dynamic team of specialists who will guide you step by step through regulatory compliance.