General Data Protection Regulations.
The General Data Protection Regulation is based on 6 Key Principles which are:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and where necessary kept up to date
- Retained only for as long as necessary
- Processed in an appropriate manner to maintain security
With a Seventh Principle of Accountability being enacted under Article 5(2) which states:
‘The Controller shall be responsible for, and be able to demonstrate compliance with paragraph 1 (‘accountability’)’
Although we in the UK are currently going through Brexit, the GDPR is still applicable and Karen Bradley MP – Secretary of State Culture Media and Sport in a report to the Select Committee 24 Oct 2016 stated:
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”
The UK gave royal ascent to the Data Protection Act 2018 on the 23rd May 2018, and this is the UK's implementation of the General Data Protection Regulations.