EU General Data Protection Regulation

In the UK, the Data Protection Act 1998 sets out the principles of data protection in compliance with European legislation.

The more recent approval of the EU General Data Protection Regulation (GDPR) has imposed some changes on the operation of UK data protection law, though not to the principles which apply.

The changes, which are intended to strengthen and unify data protection for individuals within the EU, include:

  • Increased powers for regulators to fine organisations which fail to comply with data protection law. Fines of up to €10 million or 4 per cent of the organisation's worldwide turnover can be levied;
  • Data controllers will have to be able to demonstrate compliance with the GDPR, which may mean implementing additional records and procedures to prove compliance;
  • The GDPR prohibits the assumption of 'implied' agreement for personal data to be retained and used. Consent must be 'freely given, specific, informed and unambiguous'; and
  • A data subject can normally require that their personal data is deleted in appropriate circumstances.

This list is not comprehensive.

This legislation will continue to apply until Britain leaves the EU, and may well be substantially retained thereafter, depending on the Brexit terms.

The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.
  • Contact Us

    Tel: 01276 681217
    DX: 46953 Frimley
    Fax: 01276 691290
    E: law@brooks-partners.co.uk