Confidentiality and data protection
The Data Protection Act 2018 is a law that empowers and protects the rights of individuals when it comes to the processing of their personal data.
The new Act was implemented alongside the General Data Protection Regulation 2016 (GDPR) with both coming into force in 2018.
It has been updated to expand the definition of personal data to include biometric data and to revise the special category data (sensitive personal data).
An accountability principle has also been added which is designed to ensure that all Data Controllers (the Âé¶¹Ó°ÊÓ) have further accountability when it comes to ensuring that the data subject's information is processed in accordance with the principles.
There are six further principles that, if broken, can lead to prosecution not only of the Âé¶¹Ó°ÊÓ but also of the individual employee. These state that data must be:
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The Incident reporting framework has also been updated, with all organisations now having a 72-hour reporting deadline. The fee for a monetary penalty has also risen from £500,000 to 20 million Euros or 4% of the gross annual turnover of the organisation. There will be a tiered approach depending on the size of the business and the level of data that has been breached.
It also changes the rules on consent and extends individuals' rights to include:
- Right to be informed
- Right to erasure
- Right to rectification
- Further information can be found on the
The Data Protection Officer can be contacted at the below email address:
For further details, please see: