Whilst data protection laws have evolved over many years,
complying with data protection regulations is by no means new.
The recent overhaul of privacy laws introduced the most significant changes in many years.
The GDPR came into effect on 25 May 2018, and the DPA 2018 enacts the GDPR into UK law. In doing so it has included various ‘derogations’ as permitted by the GDPR. Whilst resulting in some key differences, it continues to uphold the principle of accountability.
Since the UK left the EU on January 31, 2020 following the end of the Brexit transition period, the UK is no longer regulated domestically by the European General Data Protection Regulation (GDPR).
The UK has passed its own version into law, known as the UK-GDPR (United Kingdom General Data Protection Regulation).
“The accountability principle requires YOU to take responsibility for what you do with personal data and how you comply with the other principles. You MUST have appropriate measures and records in place to be able to demonstrate your compliance.” www.ico.org.uk
If you determine the purposes and means of processing personal data, you are a data controller as defined by the UK Data Protection Law.
It is therefore YOUR RESPONSIBILITY as Data Controller to appoint an individual to be responsible for monitoring and assessing compliance on an ongoing basis.
Many organisations consider outsourcing the responsibilities of a Data Protection Officer (DPO) to a suitably competent third party, both to carry out the DPO function and to help ensure that their organisation is well informed and up to date on privacy matters.
There are a number of benefits to outsourcing this important role; however, the key advantage is that it helps you meet a primary DPO requirement, namely that the DPO must be “independent, an expert in data protection, adequately resourced, and report to the highest management level”.
Your reputation matters, your data matters.
Let us help you protect it.
Member of the International Association of Privacy Professionals