Privacy law and the GDPR (General Data Protection Regulations)
Privacy affects a greater part of our lives than ever before. And that is because the potential for powerful governments, companies, and institutions to intrude into our lives is greater than ever before with the advent of the internet.
You are likely to be aware of the General Date Protection Regulations which came into effect in May 2018. They are designed to protect individuals against unnecessary intrusion, to protect privacy, and they provide guidelines within which organisations which hold individuals’ personal sensitive data must act, in order to protect that data.
If you have suffered as a result of a breach of the Regulations, we may be able to assist you in making a claim or to request certain action to rectify the breach.
If you run a business and you seriously breach the GDPR, you may be fined heavily and ordered to pay compensation as well. A fine may be up to £20 million. You may need advice in how to deal with the Information Commissioner’s Office (ICO), which regulates and deals with enforcement of the GDPR.
Privacy is not just governed by these Regulations, and a ‘breach of privacy’ may give rise to a civil claim which you can bring in the civil courts as well. For example, the European Court of Human Rights has led the way in the expression of a right to a private life (Article 8.1). Each case needs individual assessment.
The aim of the GDPR is to govern the processing and use of personal data. Data must be:
-processed fairly, transparently, and in a secure manner
-collected only for specific legitimate purposes
-adequate, relevant, and limited to what is necessary
-accurate and kept up-to-date
-stored only for as long as necessary
In addition, data may only be processed:
-if the data subject has given their consent
-to meet contractual or legal obligations
-to protect the vital interests of the data subject
-for the legitimate interests of the organisation
Most businesses will deal with the personal data of customers, clients, and suppliers. The ICO will not easily accept an excuse for failing to deal with it in accordance with the GDPR obligations.
Contact us for a consultation on what you may need to do to comply properly.