250619 010

Data protection

Significant advancements in the field of information and communication have radically increased the ease with which data may be collected, transmitted, stored, manipulated and, most importantly, disseminated.

Category
Information management

Significant advancements in the field of information and communication have radically increased the ease with which data may be collected, transmitted, stored, manipulated and, most importantly, disseminated. These developments, together with a general increase in awareness of fundamental rights, particularly the right to privacy, have led to legislative changes and the emergence of a new regime of privacy protection.

Overview of the General Data Protection Regulation

The most significant development in this area that affects organisations, regardless of the sector, is the General Regulation of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). It examines the nature and scope of the regime and the rights of data subjects. It also provides information on the obligations of controllers and processors and summarises the restrictions on the transfer of personal data outside the EU.

The GDPR replaced the Data Protection Directive when it became directly applicable from 25 May 2018. The reform was intended to respond to new technological challenges and to put in place a harmonised framework for the protection of personal data. Because the GDPR was incorporated into UK legislation – via the Data Protection Act 2018, amended on 1 January 2021 to reflect the UK’s status outside of the EU – its requirements survive the UK’s exit from the EU, and all organisations handling data must have regard to it.

Although originating within the European Union, the legislation builds upon existing UK data protection law to strengthen the protection of an individual’s personal data. It requires that the personal data of every UK citizen, especially if sensitive, must be protected, however and wherever it is stored.

The GDPR applies to an organisation if it:

  • alone or with others determines the purposes for processing personal data relating to living individuals (known as acting as a data controller) or processes personal data relating to living individuals strictly i

Register for an account

Create an SGA account and gain access to all our resources and courses.

Register

Already have an account? Log in.