Data protection

The Data Protection Act 2018 controls how personal information is used by organisations, businesses or the government. Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is: used fairly, lawfully and transparently; used for specified, explicit purposes; used in a way that is adequate, relevant and limited to only what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; and handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

The best sources of information on Data Protection are the ICO (Information Commissioner’s Office) and GOV.UK websites. Find out more:

Corby 03.10.23 Presentation
At VIN, we recently undertook a data protection refresher in…
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The principles lie at the heart of the UK GDPR. They are set out right at the start of the legislation, and inform everything that follows.
Legitimate interests is one of the six lawful bases for processing personal data. You must have a lawful basis in order to process personal data in line with the ‘lawfulness, fairness and transparency’ principle.
You need to assess each part of the three-part test, and document the outcome so that you can demonstrate that legitimate interests applies. We refer to this as a ‘legitimate interests assessment’ or LIA.
The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.