What is Data Protection Legislation?
It’s the law that controls how personal data is used in the UK.
Includes UK GDPR, DPA 2018, and DUAA 2025.
What is Personal Data?
Any info that can identify a living person.
Example: Name, address, IP address.
What is Sensitive Personal Data?
Extra-protected info like health, race, religion, sexual orientation.
Seven Principles
Be legal and fair – Don’t misuse data.
Stick to the purpose – Use data only for why you collected it.
Keep it minimal – Don’t collect more than needed.
Keep it accurate – Update wrong info.
Don’t keep forever – Delete when no longer needed.
Keep it safe – Use security measures.
Show compliance – Be able to prove you follow the rules.
Lawful Reasons to Use Data
Consent – Person agrees (must be clear opt-in).
Contract – Needed for a contract.
Legal duty – Required by law.
Vital interests – To save a life.
Public task – For public interest work.
Legitimate interest – Business needs, unless privacy outweighs it.
People’s Rights
Know what’s happening (Right to be informed).
See their data (Access).
Fix mistakes (Rectification).
Delete data (Erasure).
Stop use (Restrict processing).
Move data (Portability).
Say no (Object, especially marketing).
Avoid computer-only decisions (Automated decisions).
ICO Powers
Can fine up to £17.5m or 4% of global turnover.
Must report serious breaches to ICO and sometimes to individuals.
What is Redress?
Making things right for the customer.
Example: Paying compensation, fixing an error, or apologising.
Who can complain to FOS?
Consumers
Small businesses (under £6.5m turnover, <50 staff)
Micro-enterprises (<10 staff, turnover ≤ €2m)
Charities (<£6.5m income)
Trustees (<£5m assets)
Guarantors
FOS Rules
Free, independent service after internal complaint process.
Max award: £445k (for recent cases).
Decision is binding if customer accepts.
FSCS Protection
Steps in if insurer goes bust.
100% cover: compulsory insurance (motor, EL), life, pensions.
90% cover: most other policies (home, travel, pet).
Example: If your insurer fails, FSCS pays your claim.
CII Code of Ethics
Follow law and code.
Act honestly and fairly.
Put clients first.
Give good service.
Treat everyone equally.