What we can support you with

Biometric Data
Data Breach Management
Data Sharing
DPIAs
ICO investigations
Information Audits
Privacy Information
Subject Access Requests

FAQs

Please find below a selection of commonly asked questions that relate to our data protection services.

Please note: The content of this webpage does not constitute legal advice and is provided for general information purposes.

What is the difference between the UK GDPR and the Data Protection Act 2018?

a. They work together: Firstly, it is important to note that both the UK GDPR and the Data Protection Act 2018 are intended to work together. Combined, they currently represent the main framework for data protection laws in the UK.

b. Tailoring to the UK: The GDPR (which subsequently became the UK GDPR following Brexit) was an EU regulation which applied to all European Union member states. However, each state has its own legal system and therefore there was a requirement to ensure that the laws laid down by the GDPR were tailored to work for each particular jurisdiction. For instance, separate rules were required for law enforcement agencies and intelligence services. The Data Protection Act 2018 deals with these aspects for the UK.

c. More ‘meat on the bones’: The Data Protection Act 2018 contains schedules which supplement the UK GDPR by providing a greater level of detail in respect of the applicability of the regulation. For instance, it confirms exemptions to certain requirements and also provides greater specificity as to what certain aspects of the GDPR mean.

Who does the UK GDPR apply to?

a. Organisations: Anyone who processes personal data for reasons not relating to private and family life must comply with the UK GDPR. Therefore, this could be an individual, such as a sole trader business, or a limited company. Essentially, if personal data is processed for business or organisational purposes then data protection laws will apply.

b. Living individuals: In terms of who has rights under the UK GDPR, this relates to ‘data subjects’, which means any identified or identifiable living individual to whom the personal data being processed relates. So think staff, customers, members of the public etc. As long as they are alive, they will have rights under the UK GDPR insofar as their personal data is concerned.

What are the consequences of non-compliance with data protection laws?

a. Reputational damage: The Information Commissioner’s Office (ICO) publicly reports on organisations that do not comply with data protection laws. Furthermore, local and mainstream media can often take a liking to such stories.

b. Financial: The ICO has the power to issue monetary penalties of up to 4% of an organisation’s total annual worldwide turnover.

c. Criminal record: Serious breaches of data protection laws could constitute a criminal offence which can lead to prosecution.

How Can We Help?

Message us now and we will respond Monday!

Richard Perkins, Head of Partnerships
