Step back to the launch of the EU-General Data Protection Regulations (EU-GDPR) … the hot topic of 2018 … and its introduction into UK law, tailored under the Data Protection Act 2018 (DPA 2018). Has this topic remained present in your day-to-day practices or been left at the front door?
Data protection defines the fair and proper use of people’s information. It is part of the fundamental right to privacy – and on a practical note it is also about how you handle people’s personal data.
EU-GDPR has rapidly evolved and current case law now highlights large-scale fines being issued by the Information Commissioner’s Office (ICO) for failures to ensure that day-to-day working practices protect the use of personal data. Large institutions such as Facebook (recently fined $5 billion), Marriott Hotels (fined £100 million) and British Airways (fined £183 million) have found themselves under the spotlight for the loss or misuse of people’s data. Not only have they been ‘fined’ these considerable sums but, under Article 82, they are also exposed to a right to compensation for non-material damage, meaning compensation to each individual for the inconvenience, distress and annoyance associated with the data leak.
These examples demonstrate how EU-GDPR is making its presence felt across businesses that must now be accountable for the personal data they hold.
A key document that every Company must have in place under the Data Protection Act 2018 is a Privacy Notice.
Privacy Notices Article 13
The Privacy Notice tells individuals what you will do with their data. This Notice is layered with configuring data and tells individuals why their data is being collected. Under Article 13, when personal data is collected, this document provides individuals with the purpose for processing their personal data, the retention periods for that personal data, whether there are other recipients of the personal data, whether it is intended to be shared with another country and whether the organisation uses any automated decision-making processes; all at the time of collection. The information you provide must be concise, transparent, intelligible and easily accessible, and it must use clear and plain language.
Does your Company currently have the correct documentation in place under the Data Protection Act 2018?