Your guide to the Data Protection Act 2018 (DPA 2018) and the EU General Data Protection Regulation (GDPR)
Data Protection and privacy are fundamental rights in today’s world of work. It’s important that your data processes are legally compliant and that all your employees understand the importance of data confidentiality and security. Your organisation could face large fines if you don’t follow the DPA 2018 & GDPR.
The Data Protection Act 2018 (DPA 2018) supplements the EU’s General Data Protection Regulation (GDPR) and sets out how it applies in UK law. Its purpose is to protect individuals’ personal information from misuse, security breaches and privacy violations. Importantly, DPA 2018 and GDPR give people the right to know who holds their personal information, why they have it, how they got it and what they’re doing with it.
You must always be ready to answer these queries with accurate information and comply with data audits. This means proving your processes are compliant if you are challenged. Failure to do so can result in an eye-watering fine or other sanctions from the Information Commissioner’s Office (ICO).
Every part of your company needs to be aware of best practices around data protection, as many of your employees handle personal data on a daily basis. That could include details of other employees both past and present, customer information or sales leads.
The GDPR became part of UK law through the Data Protection Act 2018. However, GDPR is not limited to UK or EU companies: it applies to any organisation in the world that processes the personal data of individuals in the EU, where that organisation offers goods or services to those individuals or monitors their behaviour.
Google has been fined €50 million for breaking GDPR rules. In January 2019 the French data regulator CNIL judged that Google didn’t properly inform people about how their data would be used for advert personalisation, and that the consent it obtained was therefore not valid. This constituted a “lack of valid consent”.
Fines for the most serious infringements can be up to 4% of annual global turnover or €20 million, whichever is greater (a lower tier of 2% or €10 million applies to less serious breaches). But not all breaches lead to fines. Organisations might instead receive warnings or reprimands, an order to erase data, or even a temporary or permanent ban on data processing operations in their business.