Data protection concerns the fair and proper use of individuals’ information. In the UK, this is covered by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
The GDPR requires that systems and processes take compliance with the principles of data protection into account. Under GDPR, you have an obligation to put in place organisational measures that show how you integrate data protection into your processing activities.
Businesses must ensure that data subjects can withdraw their consent to their data being processed. Businesses must also ensure that consent is ‘explicit’ for processing sensitive data. The onus is on the business to show that the consent was given. Where personal data is processed for direct marketing, the data subject will have a right to object. The right to object will have to be explicitly brought to their attention.
The Information Commissioner’s Office (ICO) provides extensive guidance on data protection, and is the go-to place to ensure you are compliant.
- The ICO’s guide for those with responsibility for data protection
- Guide to the UK General Data Protection Regulation (GDPR)
- Right of Access Guidance