Privacy Notices/GDPR
GDPR, General Data Protection Regulations
On May 25th 2018 additional rules, often called GDPR, came into force around the use and storage of data for all organisations across the UK.
Until now, the main legislation was the Data Protection Act 1998.
There are 8 principles to the Data Protection Act of 1998:
1. Personal information must be fairly and lawfully processed
2. Personal information must be processed for limited purposes
3. Personal information must be adequate, relevant and not excessive
4. Personal information must be accurate and up to date
5. Personal information must not be kept for longer than is necessary
6. Personal information must be processed in line with the data subjects' rights
7. Personal information must be secure
8. Personal information must not be transferred to other countries without adequate protection
The General Data Protection Regulations, GDPR, add to the previous Data Protection Act from 1998.
The Six Principles of GDPR
1. Processed fairly, lawfully and in a transparent manner
2. Used for specific, explicit and legitimate purposes
3. Used in a way that is adequate, relevant and limited
4. Accurate and kept up to date
5. Kept no longer than is necessary
6. Processed in a manner that ensures appropriate security of the data