How we deal with data protection within the EU significantly changed on 25th May 2018. The vast majority of the population are aware of the coming into force of the General Data Protection Regulation due to the abundance of emails in their inbox providing them with updated Privacy Policies or asking them for consent to use their personal data. However, less well publicised was the fact that on the same date, the UK’s Data Protection Act 2018 received the Royal Assent. So what does the Data Protection Act 2018 differ from the GDPR?Firstly, the GDPR has direct effect across all EU...

So – what is a Code of Conduct?Article 40 of the GDPR refers to the use of codes of conduct in order to contribute to the proper application of the GDPR, taking into account specific features of the various processing sectors and specific needs of micro, small and medium-sized enterprises. The ICO has now issued guidelines in relation to use of codes of conduct covering UK processing. Whilst the ICO are not responsible for drafting codes of conduct, they are responsible for approving all codes drafted by trade associations or other bodies representing a sector. Trade associations and other representative bodies can...

With the imminent arrival of GDPR, thousands of organisations across Europe, small and large, are undoubtedly having a last minute panic - trying to work out what personal data they hold, where they store it, what they should and shouldn’t be doing with it, whether they should in fact be using it and how long they can hold it for.This last consideration is one that is easy to ignore but is very important if the GDPR is to achieve its aims. Businesses can no longer store boxes full of client files containing personal details in storage cupboards and forget about them,...

The GDPR aims to increase protection of personal data, promote accountability and transparency by data controllers and harmonize data protection laws across the EU.  Some personal data is given “extra” protection due to its sensitive nature and the GDPR calls this special category data.Special category data is similar to the concept of sensitive personal data under the 1998 Act. The GDPR has expanded the category slightly by adding genetic and some biometric data in the definition. Another differentiating factor is that the GDPR definition does not include personal data relating to criminal offences and convictions, instead setting separate safeguards for this...

The Information Commissioners Office is the UK’s independent body uphold information rights in the public interest, covering data protection legislation including the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and of course the General Data Protection Regulation (GDPR).The ICO’s data protection work is currently funded through fees levied on organisations processing personal data, unless they are exempt. This is done under powers granted in the Data Protection Act 1998. The funding model is changing slightly and in February, the Government announced a new charging structure for data controllers to ensure the continued funding of...