GDPR: Everything you need to know about UK data protection laws
Businesses that collect the personal information of customers, potential customers, employees or other individuals must process this information lawfully. In the UK, data protection is governed by the General Data Protection Regulation (GDPR), and businesses must comply with its six data processing principles to avoid non-compliance or breaches. Leanne Schneider-Rose, Partner and Head of the Restructuring and Insolvency Team, explains.
What is GDPR?
Data protection is an area of law of vital importance to both individuals and businesses. In essence, it provides mandatory rules for how organisations and companies must use personal data in an integrity-friendly way.
In the UK, the primary source of law is the GDPR. Businesses that collect, store and use personal information about, from and provided by customers, potential customers, employees or other individuals must process that information lawfully. This includes complying with the six data processing principles set out in the GDPR and ensuring that the organisation has a valid legal basis for the processing of the information.
Anyone responsible for using personal data must make sure the information is used fairly, lawfully and transparently, that it is used for specified, explicit purposes, and in a way that is adequate, relevant and limited to only what is necessary.
GDPR is a large and complex area of law, but the key points that businesses must note include the need to:
- Have in place appropriate privacy policies setting out what personal information the business processes, for what purpose and on what lawful basis, advising individuals of their rights in relation to their information and other information required to be provided.
- Be able to recognise and know how to respond to a subject access request when an individual requests a copy of the information held by the business about them.
- Ensure that if any third party handles personal information on behalf of the business, an appropriate agreement with the third party and safeguards are put in place.
- Understand and comply with applicable laws if transferring information to another country.
- Understand and comply with applicable laws relating to the use of cookies on websites and consents required in relation to marketing activities.
What if I don’t comply with GDPR?
Any and all breaches of GDPR data protection law carry penalties and fines, often very severe. Therefore, it is essential for businesses to understand their obligations and take them seriously. Our data protection lawyers have considerable experience in preparing and advising on privacy policies, assisting in responses to subject access requests and advising generally on data protection law.
More information
For help, advice and assistance with the impact and consequences of a dissolved company, contact Leanne Schneider-Rose or email: L.Schneider-Rose@sydneymitchell.co.uk. Leanne is Head of the Restructuring and Insolvency Team incorporating Banking and Finance Litigation and Debt Recovery, and acts for lenders advising on their recovery options, insolvency practitioners in all aspects of contentious and non-contentious insolvency matters, for individuals or companies facing insolvency claims, and for directors facing director’s disqualification proceedings, wrongful trading, misfeasance and breach of fiduciary duty claims.


