The new Data Protection Act 2018 protects information that identifies you. The act ensures the UK’s national data protection arrangements meet the new EU General Data Protection Regulation (GDPR) from Friday 25 May 2018.
We have to comply with the new act which strengthens data protection for all UK citizens in the following ways:
- stronger information security, data privacy and governance
- standardised data protection rules across Europe
- more citizen say over what organisations can do with their personal data
- bigger fines for non-compliance.
The act balances your rights with the sometimes competing interests of those who have a legitimate reason for using your personal information. It gives you clear rights on the information we hold about you (the “data subject”) and places obligations on us (the “controller”) when we process your information. Personal information covers both facts and opinions about you.
What does data protection mean?
It’s a legal framework that protects…
- Personal data - all information that can identify you directly, or indirectly when used with other information – e.g. include your name, job title, age, postal/email/IP address (online identifier), vehicle registration number, bank details, plus any other information that relates to you
- Special categories of personal data – information revealing race or ethnicity, religious or philosophical beliefs, trade union membership, your health, sex life or sexual orientation and processing of genetic or biometric data. These “special categories” need to meet higher standards when processing. It used to be known as “Sensitive Personal Data”.
How is it different to the old data protection act?
There are now 7 principles and 8 new rights for you, the data subject.
- only collect the personal data we need
- only use it for a specific purpose
- process it lawfully and fairly
- keep it accurate and up to date
- get rid of it when we no longer need it
- keep it safe and protect it from wrongful use
- be transparent and document how we use it.
Your new rights are:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- rights in relation to automated decision-making and profiling.
The council has also appointed a new Interim Data Protection Officer and notified the Information Commissioner’s Office (ICO).
The Data Protection Officer has a dedicated email address: firstname.lastname@example.org.
Information Management Team
3rd Floor, East Wing, Hammersmith Town Hall
020 8748 3020
Offices open 9am to 5pm