General Data Protection Regulation (GDPR)

We have had data protection legislation in the UK since the first Act in1984, with several amendments and additions over the subsequent years. Personal data are defined as factual information relating to a living individual. The GDPR is a new regulation that comes into force, Europe-wide, on 25th May 2018 with the intention of bringing greater harmonisation between the countries under its jurisdiction. Jeremy Holt, senior partner in Swindon-based solicitors, Clark Holt, visited our offices recently to remind us of the intention of the original legislation and take us through the main points of the new Regulation. There are 8 data protection principles, as follows: Personal information -

1. must be fairly and lawfully processed
2. must be processed for limited purposes
3. must be adequate, relevant and not excessive
4. must be accurate and up to date
5. must not be kept for longer than is necessary
6. must be processed in line with the data subjects’ rights
7. must be secure
8. must not be transferred to other countries without adequate protection

The Data Controller is the person who “owns” the data and he or she is responsible for ensuring that the data is processed according to these 8 principles. The Data Processors carry out the actual work and there are direct obligations and responsibilities imposed by the Regulation on them but the Controller has the ultimate responsibility in ensuring that the Processors comply with the legislation. With fines of up to €20m, this is clearly not a matter to be taken lightly! Naturally, we can only touch upon the subject here but further information can be obtained by visiting Clark Holt’s website at www.clarkholt.com.