FREQUENTLY ASKED QUESTIONS ABOUT
Data protection, and the legislation governing it, controls how organisations use personal information. Anyone managing personal data must ensure that the data they hold is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- accurate and, where necessary, kept up to date
- kept no longer than is necessary
- used in a way that is adequate, relevant, and limited to only what is necessary
- handled in a way that ensures appropriate security
Personal data covers things like names, locations and addresses, such as an email address, an IP address or your home address.
The Data Protection Act (DPA) 2018 governs data protection in the UK.
You’ve probably heard of General Data Protection Regulation (GDPR). This is an EU law that the UK implemented via the Data Protection Act 2018.
The DPA 2018 is the UK’s version of GDPR.
General Data Protection Regulation is an EU law governing data protection and privacy. The UK implemented GDPR into its own domestic law via the Data Protection Act 2018.
GDPR is known as the toughest privacy and security law in the world, because of its stringent rules and regulations on the collection and processing of data in the EU.
GDPR does not apply in the UK. The UK’s own regulation, the Data Protection Act 2018, contains GDPR requirements, rights, and obligations. This means that, post-Brexit, not much has changed for UK businesses.
The EU recognises the Data Protection Act 2018 and the retained EU law version of GDPR as offering the same level of protection as GDPR, which means information can flow freely between the EU and the UK.
It probably is genuine. The ICO goes through Companies House records to see who has, and who hasn’t, registered with them. If you’ve received a letter despite having run your business for a while, this is probably what has happened.
If you aren’t sure, always get in contact with the ICO or check their website.
Data protection breaches are one of the most common pitfalls for businesses. The fines can be large, even if the breach is unintentional.
The UK Data Protection Act 2018 sets a maximum fine of £17.5 million, or 4% of annual global turnover (whichever is greater).
Under EU GDPR, the maximum fine is €20 million or 4% of annual global turnover.
This is California’s version of GDPR. Introduced in 2018, it is sometimes known as the CCPA. It is not as strict as GDPR, but you should consider it if you or your clients are based in California.