What is Data Protection?
As we are sure you are fully aware, digital technology has transformed nearly every aspect of our day-to-day life. Whether it be at home, work or even on holiday, our reliance on all things digital is evident, and most of us would be completely lost without our gadgets.
This means that making sure our data is secure is a fundamental an issue as it ever was. An ever-rising amount of data is being processed daily, and this means data protection laws need to respond to this need.
At guarantor loans, we care about your data protection. We have our site clearly hosted on a secure server (https) and do not ask you to fill in any details. Instead, we offer a simple way to click through to other lenders where you can apply. Plus, every lender we feature is fully authorised by the Financial Conduct Authority ensuring that they are responsible and fit to manage your loan application and data.
New data protection bill
The UK government revealed this year that it will be undertaking an overhaul of data protection laws to address security concerns in the digital age, updating the previous data protection bill which was then introduced in early September. Digital Minister Matt Hancock said in a statement that the new law “will give us one of the most robust, yet dynamic, set of data laws in the world.”
In essence, the bill will transfer the European Union’s General Data Protection Regulation into UK law. It is a major revamp of data protection laws in the country and is partly being introduced to prepare Britain for the impending exit from Europe. However, before getting to grips as to what this new measure means for ordinary citizens and its implications, it’s important to understand what data protection means.
What is data protection?
Data protection is defined as the law intended to protect your personal data and how it is used by businesses, government or organisations, and to ensure the protection of privacy and access of personal information stored on computers. In order to safeguard this information, the UK initially implemented the Data Protection Act in 1998 prior to the more recent Data Protection Bill.
What is the Data Protection Act?
The Data Protection Act (DPA) provides legal protection of your personal information and ensures that those responsible for using, recording and processing your personal data in adherence to data protection principles outlined in the Act. These rules concerning personal information are outlined in the following:
- Should only be used in a way that remains relevant, and not excessively
- Processed for limited purposes
- Not kept for longer than is necessary.
- Any information must be processed and recorded in line with an individual’s rights
- Personal data should always be accurate
- Information should be kept secure and safely
- Date should not be transferred outside the European Economic Area (EEA) or to other countries without adequate protection
- Information should be both lawfully processed and used fairly.There are stricter rules in place regarding more sensitive personal data pertaining to:
- Personal religious beliefs
- Ethnic background
- Sexual health
- Criminal records
- Personal political opinions
How can I find out what personal data an organisation has?
This act enables you to find out the type of information organisations or the government has of yours, and it is a legal obligation for them to give you a copy of this information when asked.
However, there are certain circumstances when organisations are permitted to withhold data when asked and do not need to necessarily say why they are doing so. This pertains to situations such as:
- National security or the armed forces
- Tax collection or assessment
- The investigation or prevention of a crime.
- Ministerial or judicial appointments.
In any case, a response to a request for information should be given within 40 calendar days of receiving it.
How do I get a copy of my personal data?
In order to obtain a copy of this data, you will need to write to the government or organisation in question asking to see the information held, this is referred to as a subject access request. Whilst it is not always the case, you may be asked by an organisation or data controller to pay a small fee to receive this data, proof of identity, or more information to retrieve the data.
In terms of fees, it should be around £10 but maybe more if the information is within a health or education record, for example.
Is this the same as the Freedom of Information Act?
In short, no. It is not a subject request if you are asking for personal data that is made by someone who is not a subject of the information in question. Access of this kind would be under the Freedom of Information Act 2000, which provides public access to data held by public authorities but as with the Data Protection Act, there are exemptions if they infringe data protection principles such as:
- Confidential references
- Statistics, research or history
- Parliamentary privilege
What is different about the new data protection law?
As previously mentioned, the Data Protection Bill is intended to fully overhaul the previous Act, with the intention of giving people greater freedom over their data and empower citizens to take control of their own personal information.
Here are some of the ways in which it will be different.
- Allowing people to ask for data to be deleted, so if you are concerned about social media posts on Facebook and Twitter haunting you for years to come, you can ask for their removal.
- Expanding the meaning of personal data to include DNA, IP addresses, and small text files (cookies), meaning that these can be deleted too.
- Make the process simpler for people to withdraw consent on the usage of their personal information.
- The act will be stricter with businesses using personal data, requiring them to gain ‘explicit’ consent and will face much bigger fines (up to £17m, previously capped at £500,000 than before if they do not adhere to these new principles.
Is it all good news?
There have been concerns raised about the issue of safeguarding freedom of expression.
- The Data Protection Bill could make it more difficult for freedom of the press, with journalists needing protection expose wrongdoing and to allow freedom of expression.
- It could even also make it difficult for the world of professional sports to undergo anti-doping measures, with agencies needing protecting to expose drug cheats.
- Financial services who handle personal data of those suspected of financing terrorist activities.