Changes to the Data Protection Act - GDPR

The UK GDPR / Data Protection Act 2018 / EU GDPR - this new regulation extends the rights of the individual and ensures legislation matches the ever changing technology around us.

Some of the changes under the UK GDPR / Data Protection Act 2018 and GDPR include:

New rights for data subjects

• The right to be forgotten - an individual can ask for their personal data to be erased
• The right to data portability - where individuals have provided personal data to a service provider, they can request the provider to 'port' the data to another provider
• The right to object to profiling - the right not to be subject to a decision based solely on automated processing

Changes to consent

• Must be explicit, non-ambiguous and given freely
• Can be withdrawn

Increased fines for data breaches

• Fines are substantial - the ICO will have the power to impose fines of up to 4% of total annual turnover or €20,000,000

Data Protection Officers

• A designated post of Data Protection Officer who will be strategically responsible for GDPR

Mandatory breach notification

• Organisations must notify breaches 'without undue delay' or within 72 hours. If there is a high risk to individuals, they must be informed as well

Privacy by design

• Organisations should design data protection into development of business processes, new systems and undertake Privacy Impact Assessments (PIAs)

Need advice?

You can contact us at gdpr@derby.ac.uk