GDPR – Data Protection Act 2018
The General Data Protection Regulation (GDPR) is a set of EU-wide data protection rules that have been brought into UK law as the Data Protection Act 2018. It became law on 25th May 2018.
Under the Data Protection Act 2018, an individual has the right to find out what information the government and other organisations/companies store about them and how they use that information.
We live in a data-driven world, and almost all transactions and interactions that you have with most organisations involve you sharing personal data, such as your name, address, telephone number, email address and birth date. You share data online too, every time you visit a website, search for or buy something, use social media, send an email or use an app.
Sharing data helps make life easier, more convenient and connected. But your data is your data. It belongs to you, so it is important that your data is used only in ways you would reasonably expect, and that it stays safe. Data protection law makes sure everyone's data is used properly and legally.
The GDPR applies to two types of data handler: data controllers and data processors. You’ll need to know which category you fall under.
Data controller: a person or organisation who decides what data should be collected and how it should be used.
Data processor: a person who processes data on behalf of a data controller and has no input into how it’s used.
One crucial difference is that data processors have legal liability if a breach takes place.
Everyone responsible for using personal data has to follow strict rules called ‘the six data protection principles plus 1’. They must make sure the information is:
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and, where necessary, kept up to date and kept for no longer than is necessary
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
- Kept confidential and its integrity maintained, even if it falls into the wrong hands.
- The "plus 1" is the most significant addition: accountability and compliance. Not only must you comply with the six principles above, you must also be able to demonstrate that compliance. It is probably the most important of the principles.
The Information Commissioner's Office (ICO) is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
There are a number of tools available to the Information Commissioner’s Office for taking action to change the behaviour of organisations and individuals that collect, use and keep personal information. They include criminal prosecution, non-criminal enforcement and audit. The Information Commissioner also has the power to serve a monetary penalty notice on a data controller.
The tools are not mutually exclusive; the ICO will use them in combination where the circumstances justify it.
The main options are:
- serve information notices requiring organisations to provide the Information Commissioner’s Office with specified information within a certain time period;
- issue undertakings committing an organisation to a particular course of action in order to improve its compliance;
- serve enforcement notices and ‘stop now’ orders where there has been a breach, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law;
- conduct consensual assessments (audits) to check organisations are complying;
- serve assessment notices to conduct compulsory audits to assess whether organisations' processing of personal data follows good practice;
- issue monetary penalty notices, requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act occurring on or after 6 April 2010;
- prosecute those who commit criminal offences under the Act, and report to Parliament on issues of concern.
In addition to the GDPR online course, which covers the issues you need to be aware of, Lionheart Solutions also offers the following data management services:
- encryption and monitoring of files
- cyber security
- data protection audits
- certified and CPD accredited e-learning solutions
For more information about these services please contact:
About the GDPR Awareness Course
Our GDPR Awareness Course is now a fully accredited CPD course (#1001781) with 3 CPD credits.
Are you GDPR aware?
Do you understand GDPR?
Is GDPR relevant to your role or business?
This certified and CPD accredited course has been designed to help you gain a better understanding of GDPR awareness and of the compliance that is legally required by the Information Commissioner's Office (ICO).
The course takes approximately 90 minutes and includes a test that must be taken and passed to demonstrate awareness.
You will also have access to document templates that will help you comply with the new laws.
A certificate will be issued on passing the relevant required grade.
This course is aimed at giving all staff an awareness of the new EU General Data Protection Regulation (GDPR), which replaced the existing Data Protection Act (DPA) on 25th May 2018. Topics covered include the rights of data subjects, the responsibilities of data controllers and processors, consent and data breaches.
The GDPR changes the regulations surrounding the way data controllers and processors handle data, introducing tougher requirements and giving individuals more power over what organisations can do with their data. We have designed this course to help staff gain awareness of the changes these regulations bring.
This course is appropriate for all organisations that need to give staff an awareness of the new GDPR regulations.
This course will also help with:
- Understanding of the difference between data subjects, data controllers, and data processors
- Understanding of what is meant by personal and sensitive data
- Knowledge of the new rights and powers of the data subject
- Awareness of general rules surrounding data transfers outside the EEA
- Knowledge of the new requirements surrounding data breaches and how to respond to them
- Knowledge of the lawful reasons you are required to have to process an individual’s personal data
- Awareness of the tougher regulations surrounding consent
- Lawful Basis
- Rights of the Data Subject
- International Data Transfers
- Data Breaches
- Other Elements of GDPR:
  - Data protection officer
  - Data protection impact assessments
  - Data audit
  - Data protection policy
- Assessment Questions
Who is this course for?
This course provides an introduction to data protection, to staying safe online so that data is protected from breaches, and to data protection laws.
We recommend that all employees take this course in order to build a security-conscious workforce and reduce the business risks associated with data breaches.
Participants could include, but are not limited to:
- Sole Traders/Limited Company Directors
- Retail staff/frontline general workforce
- Supervisors and 1st line Managers
- Managers and Directors
- Any roles performed where personal data is managed, processed or handled, including CCTV companies and operators