Until the 1st January 2021, the EU GDPR (European Union General Data Protection Regulation) provided a coherent and thorough personal data privacy law across all EU member states, including the United Kingdom. Since then, following our final transition from the EU, the GDPR has become the UK GDPR (retained GDPR 2016/679) for the United Kingdom and is the primary data protection legislation, alongside the Data Protection Act 2018. Both versions of the GDPR are predominantly the same as of the 1st January 2021, save for the previously allowed changes that the Data Protection Act 2018 made. The key changes revolve around the removal of references to the EU and ensuring the legislation is specific to the UK.
Importantly, the UK GDPR also requires any organisation outside of the UK that processes the personal data of persons within the UK to comply with the UK GDPR. This ‘territoriality’ requirement is the same as that of the EU’s GDPR.
Ultimately, the rationale for the UK GDPR is the same:
- It aims to prevent security breaches and the loss of personal data by organisations that hold or process PII (Personally Identifiable Information)
- It affects any organisation that offers goods or services (even free ones) or monitors the behaviour of UK citizens
- Penalties for breaking the regulations can be financially extreme and significantly detrimental
- It will be the lawful benchmark that all organisations that process or store Personal Information must adhere to
Training is a core element of the organisational measures that organisations are required to implement. This course is designed to provide you with a general understanding of the UK General Data Protection Regulation. It will provide awareness of the need for data protection and support you in identifying the risks in relation to unauthorised access to personal data. The Data Protection Act 2018, which sits alongside the UK GDPR, is not discussed in depth here.