Data Protection

After Brexit, the UK developed its own version of the GDPR (originally created by the European Union) known as UK GDPR

🔐 7 core principles:

1. lawfulness, fairness and transparency: asking for consent; respecting a Privacy Policy; consent might not be necessary if use of data is enforced by law for specific reasons (eg. public or vital interest)

2. purpose limitation: only use the data if necessary and for a specific reason

3. data minimisation: only collect the minimum amount of data needed

4. accuracy: data must be correct, up to date and the user can request amendments

5. retention: the user can request for the data to be deleted at any moment (right to be forgotten)

6. integrity and confidentiality: the data must not be shared if not necessary or for purposes other than what was initially set out

7. accountability: the business storing the data is responsible for them, and must act to reduce the risk of breaches and comply with the law

📚 Resources

• https://www.gov.uk/data-protection
• https://www.legislation.gov.uk/eur/2016/679/contents
• https://ico.org.uk/for-organisations/data-protection-and-the-eu/overview-data-protection-and-the-eu/