
Data Privacy and Protection in UK Law (as of April 2020)

Happily beavering away at filling in a tough job application — I was asked, “What is your present understanding of privacy laws in the UK?” Funnily enough, my answer didn’t fit in the word count box. Seemed a shame cutting short my research — so here’s my full answer! It might be useful.

I’ve been hankering to change my career since last fall. I have worked as a developer ever since graduating way back in 2005. I started off as a Flash Developer (I know right), then progressed into Web Tech. The last 2+ years I’ve shared my time as a developer, working freelance for the BBC as a Technologist for an internal technology insights team — BBC Blue Room. I’ve totally fallen in love working within this specialism. I’m giving every commitment to finding a job to progress me to the next level and within Government / Policy / Governance / Foreign Diplomacy with a focus on AI / ML / Algorithms / Cyber Security / Insight / Media Manipulation / Emerging Technology.

Now, I can’t reveal who this application was with. Though I can safely share the factual information which formed part of my answer to one of the questions. To my surprise whilst researching, I didn’t find a single resource which simply outlined laws and regulations as a list. So I thought it could make for a helpful tech insight article.

No more waffle from me. Here’s a list of current, and in force, UK laws with regard to Data Privacy and Protection, including amendments in response to Brexit — of which new rules negotiated during the transition period take effect from 1st January 2021. Enjoy!

The EU’s General Data Protection Regulation (GDPR)

  1. Lawfulness
  2. Fairness and transparency
  3. Purpose limitation
  4. Data minimisation
  5. Accuracy
  6. Storage limitation
  7. Integrity and confidentiality [‘security’] and Accountability

Failure to comply with these seven principles potentially carries heavy fines of either up to €20 million or 4% of total worldwide annual turnover, whichever is the higher amount.

GDPR also sets out the rights a ‘data subject’ (a single person) has over data stored about them:

  1. To be informed
  2. Access
  3. Rectification
  4. Erasure [‘forgotten’]
  5. Restrict processing
  6. Portability
  7. To object, and rights in relation to automated individual decision-making and profiling

The Keeling Schedules

The Privacy and Electronic Communications (EU Directive) Regulations 2003 (PECR)

A simplified difference between GDPR and PECR is that GDPR covers the general collection and processing of personal data, whereas PECR is more specific to the privacy and security of personal data in electronic communications.

The Security of Network and Information Systems Regulations (NIS)

Wondering if you’re compliant?

Finishing Note

Stay safe everyone! Stay home, protect lives, be kind where you can.
