Changes to the Data Protection Act - GDPR

The UK GDPR / Data Protection Act 2018 / EU GDPR - this new regulation extends the rights of the individual and ensures legislation matches the ever changing technology around us.

Some of the changes under the UK GDPR / Data Protection Act 2018 and GDPR include:

New rights for data subjects

  • The right to be forgotten - an individual can ask for their personal data to be erased
  • The right to data portability - where individuals have provided personal data to a service provider, they can request the provider to 'port' the data to another provider
  • The right to object to profiling - the right not to be subject to a decision based solely on automated processing

Changes to consent

  • Must be explicit, non-ambiguous and given freely
  • Can be withdrawn

Increased fines for data breaches

  • Fines are substantial - the ICO will have the power to impose fines of up to 4% of total annual turnover or €20,000,000

Data Protection Officers

  • A designated post of Data Protection Officer who will be strategically responsible for GDPR

Mandatory breach notification

  • Organisations must notify breaches 'without undue delay' or within 72 hours. If there is a high risk to individuals, they must be informed as well

Privacy by design

  • Organisations should design data protection into development of business processes, new systems and undertake Privacy Impact Assessments (PIAs)

Need advice?

Contact gdpr@derby.ac.uk or +44 (0)1332 592151.

Our Data Protection Officer is Mrs Helen Selby. You can contact her directly on +44 (0)1332 591954.