Data Protection Provisions

The Data Protection Act 1998 aimed to balance the entitlement of organisations to collect, store and manage various types of personal data, with the privacy rights of the individual about whom the data was held.

The Act covered both manual and computerised records that, when put together with other information, could divulge personal information about an individual. It gave individuals certain rights, and required decision-makers to be open about processing and to comply with the eight data protection principles.

On 25 May 2018, the Data Protection Act is replaced by the General Data Protection Regulation (GDPR). There are no exemptions based on a size or sector — all organisations must comply with its requirements in full or face a hefty potential fine. On the whole, the rights individuals will enjoy under the GDPR are the same as before but with some significant enhancements.

This topic provides information on handling and processing personal data, employees’ rights of access, dealing with data loss and the penalties employers may face for breaches of the GDPR.

Business Essentials Newsletter

Since you're here... Why not sign up to our free weekly newsletter?

Remain compliant and stay ahead of industry changes in Business Essentials.