Understand if your business is impacted by UK Data Protection Act 2018
What is UK DPA-2018?
Before understanding how to achieve DPA compliance, it is important to understand what kinds of businesses are obligated to comply with the UK DPA.
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Who does DPA apply to?
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- biometrics (where used for identification)
- sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
How does the Data Protection Act affect businesses?
Data protection legislation applies to any information an organisation keeps on staff, customers or account holders and will likely inform many elements of business operations, from recruitment, managing staff records, marketing or even the collection of CCTV footage.
While you might be obligated to provide additional protections when handling special category information, personal data of all kinds must be adequately secured, accurate and up to date, and your handling of it must facilitate and satisfy the rights of subjects.
Depending on how your business stores, processes or transports personal data, at least some methods of encryption, segmentation and pseudonymisation will likely need to be applied. Specialist expertise should be sought if you’re unsure about any technical elements of these processes.
With regard to the technical specifics of compliance, the ICO and many other organisations provide detailed explanations of organisational obligations. You can connect with experts at Ayottaz to understand how you can make your operations compliant with DPA obligations.
Rights available for subjects under DPA
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances
You also have rights when an organisation is using your personal data for:
- automated decision-making processes (without human involvement)
- profiling, for example to predict your behaviour or interests