LexisLibrary and LexisPSL
Sign up for a free trial today and get full access for a weekTrial
Is a complete guide to the current and new data protection rules, and is based on the final published text of the new Regulation.
* Call 0330 161 1234 to find out more about online services
INTRODUCTION TO DATA PROTECTION
1.1 This book provides a concise introduction to data protection law and considers issues that may arise in the daily work of company directors, company secretaries and administrators. In doing so, it takes account of the fact that company directors, secretaries and administrators often have a number of functions in addition to their usual administration activities – the book includes a brief introduction on the practical effect of data protection law on the activities of commercial organisations.
1.2 Part 2 of this book provides a guide to the new regime brought about by the General Data Protection Regulation of the European Union, which will impose a new regime on companies and organisations of all kinds that hold personal data relating to their clients, customers, employees and third parties; in other words, almost every organisation that does business with individual customers or provides a service to them (see Chapter 10 et seq).
1.3 Data protection is a relatively new addition to laws that affect company administration. For this reason, it is important to keep up to date with developments as new practices and procedures become standard.
1.4 This book will be updated to reflect both changes in the law and the needs of its readers. The author would be pleased to receive (via the publisher) comments from readers as to how the book can be improved to better meet those needs.
WHAT IS DATA PROTECTION?
1.5 Driven largely by an aspiration for Europe-wide privacy rights for individuals, various legal measures culminated in a 1995 European Directive (95/46/EC) under which all Member States of the European Union, including the UK, were obliged to create new law on the ‘processing of personal data’.
1.6 The Data Protection Act 1998 (‘DPA’ or ‘the Act’), the statutory provision under which the UK implemented the 1995 Directive, came into force on 1 March 2000.
1.7 Data protection is essentially that area of the law that governs what may, and may not, be done with personal information. This information may be in electronic form (eg stored on a computer hard drive) or manual (eg paper-based) form. Although the law applies to all electronically processed personal data, it applies only to some types of paper-based records.
1.8 In the UK, data protection law is enforced by the Information Commissioner’s Office (‘ICO’ or ‘the Office’). The current Information Commissioner is Christopher Graham, who was appointed in June 2009. In April 2010, the Commissioner was given the power to impose fines on organisations for data protection breaches – up to £500,000 per breach. Since November 2011, over 100 organisations have been fined sums ranging from £60,000 to £300,000 – see further details in Chapter 9.
1.9 Data protection law is due to change over the next couple of years due to the European Commission’s decision to revise and update the law, after extensive discussions with the European Parliament and the Council of Ministers. This new law is the General Data Protection Regulation (‘the Regulation’ or ‘the new Regulation’) discussed in Part 2 of this book.
1.10 The new Regulation will make it a legal requirement for some private sector organisations (such as limited companies and public limited companies) that store or use personal information to employ a qualified Data Protection Officer. Companies are well advised to prepare for this requirement by arranging for a designated member of staff to be trained in data protection matters.
1.11 The Regulation will increase the level of fines that can be imposed by the ICO, from the current £500,000 per breach of the DPA to a maximum fine of €20 million per breach of the Regulation or up to 4% of a company’s/group’s total annual turnover, as appropriate.
1.12 The new Regulation will also make the reporting of breaches to the ICO compulsory in certain circumstances.
Data protection has been in the news a lot recently, and affects companies and organisations of all kinds that handle personal data in the course of their business. Here, Ian Long discusses his new book on what the new data protection rules mean for you.Click here to listen.
Have a question about this product? Please get in touch by completing the boxes below.
The authority on corporate borrowing
A concise account of UK trade marks law within the European and international context.