9 August 2018 | Comment

GDPR and what it means for you

Most of you will have received emails or letters from different companies that say they hold your personal data. They may have provided a revised Privacy Notice letting you know how they hold your data and what they do with it.

How businesses handle your data is very important.

Data protection laws have changed and businesses need to keep you up to date with the steps they are taking.

On the 25 May 2018, the General Data Protection Regulation, known as GDPR, came into effect.  GDPR imposes additional obligations on organisations and gives you extra rights around how your data is used.

Organisations should respect the information they hold on you and take the security of that information very seriously.

They should make you aware of how they hold your information and look to publish a Privacy Notice to give you more information on the data they hold on you, what they do with that data, who they share it with and your new rights under GDPR.

GDPR is a regulation in EU Law on data protection and privacy for all individuals within the European Union.  It will also remain part of UK law post Brexit, but it could be amended in the UK thereafter.

The Data Protection Act 1998 is a UK law which is designed to protect personal data stored on computers or in an organised paper filing system.

How long an organisation can hold data on you will usually depend on the agreed practices, for example, we will hold your file of papers for a six years at the end of the case following which it will be destroyed.

A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorised action.  This may be in the form of an organisation sending a letter that should have been sent to you to one of your neighbours in error.  Data breaches may involve personal health information, personally identifiable information, trade secrets or intellectual property.

GDPR basically gives people more control over their personal information and to ensure that companies are handling it correctly.  Companies need your consent to use your data. Companies must report any data breaches within 72 hours of becoming aware of them and could face much bigger fines than they did before GDPR came into effect. 

Europe’s new data protection regulation is already in UK law and promises that you get back control of your personal data in the following ways:

  1. By giving people the right to access their data
  2. By allowing you to correct wrong information held by a company
  3. By allowing you to demand that a company delete all information it holds on you
  4. By requiring companies to get your consent to use your data
  5. By requiring companies to report data breaches within 72 hours of becoming aware of it
  6. By enforcing larger fines when companies do have data breaches.

Companies now have to ensure that they lock data in cabinets, change cloud passwords and update software. 

Disclaimer: The information on the Hugh James website is for general information only and reflects the position at the date of publication. It does not constitute legal advice and should not be treated as such. If you would like to ensure the commentary reflects current legislation, case law or best practice, please contact the blog author.

Business news, knowledge and insight