Last month, on 25th May, we saw the biggest change to UK data protection law in a generation. The General Data Protection Regulation (GDPR) came into effect, giving people more control and stronger rights over their personal information and requiring companies to be more accountable and transparent about how they use, store and share personal information.
The ICO have campaigned hard to increase the public's trust and confidence in how their data is used. The Information Commissioner, Elizabeth Denham, recently said in relation to the “Your Data Matters” campaign:
“Almost everything we do - keeping in touch with friends on social media, shopping online, exercising, driving, and even watching television - leaves a digital trail of personal data.
We know that sharing our data safely and efficiently can make our lives easier, but that digital trail is valuable. It’s important that it stays safe and is only used in ways that people would expect and can control.”
The Data Protection Bill has worked its way through Parliament and now replaces the Data Protection Act 1998. The new Act updates data protection laws in the UK and sits alongside the GDPR. Both will work together to provide a modern and comprehensive package to protect personal information and build trust in this growing digital age.
Protecting personal information is an ongoing task. 25th May has been and gone, but that does not mean we can now forget about GDPR. Effective data protection needs clear evidence of commitment and an ongoing effort to identify and address emerging privacy and security risks. Although there are more serious sanctions and fines for those who deliberately or negligently misuse data, we understand that the ICO still prefer the carrot to the stick and have reconfirmed their commitment to taking a proportionate and risk-based approach to enforcement.