How Has the Data Protection Act Been Changed?

People talk about the General Data Protection Act (GDPA), which came into effect in May 2018 in the UK, as something new. In many ways, the new Data Protection Act is an update of the preexisting 1996 Data Protection Act, which was deemed to need revision due to rapid technological advancements since the 1990s. The new guidelines run to 99 articles which fill 88 pages and mean that Europe boasts the strongest data protection laws in the world.

There are two main aspects to the GDPA.  The first part of the legislation details the obligations of businesses which regularly have to process data – whether they are in the private or public sector.  The GDPA has been encapsulated in 8 principles of conduct that all organisations should abide by.  These rules emphasise that people’s data should be used fairly and transparently, and all efforts should be made to ensure it is both accurate and up-to-date.  Personal data should be used for the explicit purpose for which its collection was intended and be erased when it is no longer needed.  There is also stronger protection for what is considered ‘sensitive’ information.  This includes details about someone’s political affiliation, religion, state of health, etc.

In light of recent data breaches which have affected many different businesses, from airlines to social media, the GDPA states that people’s data should be securely protected from any unlawful access, loss, damage, etc. If security is compromised, the firm has 72 hours to inform the ICO (Information Commissioner’s Office). This is the regulator responsible for overseeing the implementation of the legislation and, if necessary, carrying out criminal investigations. Firms which employ more than 250 employees must hire a DPO (Data Protection Officer) to ensure their compliance.

As part of its regulatory role, the ICO has greater powers to punish offenders. Under the previous Data Protection Act, it could only impose fines of up to £500,000. However, it is now entitled to fine businesses 2% or 4% of a company’s global turnover or 10/20 million euros (whichever is the greater).

The revised GDPA includes a new provision that directly impacts customers and/or consumers. As part of this change, individuals now have the right to submit a Subject Access Request free of charge in order to obtain information about their stored data. This access also allows for requests to update, restrict, or erase data as needed. Additionally, the Act promotes greater portability of personal details, granting consumers the ability to authorize the transfer and reuse of their data with other companies. In certain situations, individuals can choose to opt out of their data being used for automated decision-making or consumer profiling purposes.

In a world where so much is stored on computer, revising the original Data Protection Act was long overdue.