The General Data Protection Regulation (“GDPR”) is a legal framework that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. It covers all companies that deal with the data of EU citizens, specifically banks, insurance companies, and other financial companies.

It’s crucial for you to comply with the Data Protection Act 2018. This was previously known as the Data Protection Act 1998, but was updated in accordance with GDPR in 2018.

You should know what rules the Act enforces regarding how you obtain, store, share, and use personal data. By following these rules, you’ll ensure your business handles data securely and protects the privacy of your customers and employees.

The Data Protection Act 2018 aims to:

  • Facilitate the secure transfer of information within the European Union.
  • Prevent people or organisations from holding and using inaccurate information on individuals. This applies to information regarding both private lives and business.
  • Give the public confidence about how businesses can use their personal information.
  • Provide data subjects with the legal right to check the information businesses hold about them. They can also request that the data controller destroy it.
  • Give data subjects greater control over how data controllers handle their data.
  • Place emphasis on accountability. This requires businesses to have processes in place that demonstrate how they’re securely handling data.
  • Require firms to keep people’s personal data safe and secure. Data controllers must ensure that it is not misused.
  • Require the data user or holder to register with the Information Commissioner.