WHAT IS DATA PROTECTION COMPLIANCE?
Data protection is about ensuring people can trust you to use their data fairly and responsibly. Personal data means information about a particular living individual.
If you collect information about individuals for any reason other than your own personal, family or household purposes, you need to comply with relevant data protection law.* This includes a wide variety of EU-based and domestic legislation, including the General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulation ('PECR').
*Source: Information Commissioner’s Office, https://ico.org.uk/for-organisations/guide-to-data-protection/introduction-to-data-protection/some-basic-concepts/ 17/06/19, licensed under the Open Government Licence.
WHAT IS GDPR?
'GDPR' is an abbreviation of the General Data Protection Regulation, which came into force on 25 May 2018. It is sometimes also referred to as the 'Global Data Protection Regulation', as it has a worldwide impact, given that it applies in all cases where organisations process the personal data of an EU or EEA citizen. By virtue of the Data Protection Act 2018, GDPR has essentially been incorporated into UK law, and the 2018 Act imposes additional national data processing requirements here in the UK.
THE INFORMATION COMMISSIONER'S OFFICE ('ICO')
The ICO is responsible for ensuring that organisations comply with data protection law in the UK. It has a wide range of enforcement powers, including the ability to impose fines. Other powers include the right to serve enforcement notices and to ban the processing of personal data.