What is the distinction between the Data Protection Act, 2018 and UK GDPR?
The EU GDPR no longer applies in the UK but this was almost entirely transcribed in the UK GDPR
The UK GDPR is supplemented by the Data Protection Act 2018.
What is the aim of this legislation?
To create a single data protection regime affecting businesses and to allow people to take control of how their data is used by third parties
What are the key requirements of the Data Protection Act?
- An obligation to conduct data protection impact assessments for high risk holding of data
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- Data security breaches need to be reported to ICO within 72 hours where this is a loss of personal data
What are the fines for breach of this legislation?
4% Global turnover or £17.5 million, whatever is greater
What are the principles of UK GDPR?
Article 5(1) Principles relating to the storage of personal data must …
- Be processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Ensure appropriate security of data
What is personal data?
Any data that identifies a person, e.g. name, address, date of birth
How would you ensure accuracy of data from third parties?
When sourcing data from third parties such as CoStar, I always call the relevant agents to confirm accuracy in the data
How do you ensure appropriate data protection on the Cluttons portal?
- The portal requires users to update passwords every 30 days
- Access is restricted to the requirements of each user.
- All accounts have to be approved by the client
How did your firm prepare for the introduction of GDPR?
Data training, cyber security training, password requirements
