The Data Protection Act 2018 is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR), brings it into UK legislation, and replaces the Data Protection Act 1998.
GDPR together with the Data Protection Act 2018 defines the requirements applicable to the management of personal data.
Personal data is information that relates, either directly or indirectly, to an individual. That individual must be identified or identifiable either directly or indirectly from one or more identifiers or from factors specific to the individual.
The GDPR covers the processing of personal data in two ways: personal data processed wholly or partly by automated means (that is, information in electronic form); and personal data processed in a non-automated manner which forms part of, or is intended to form part of, a 'filing system' (that is, manual information in a filing system).
Some of the personal data you process can be more sensitive in nature and therefore requires a higher level of protection. The GDPR refers to these types of data as 'special categories of personal data'. This includes personal data about an individual's: race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where this is used for identification purposes), health data, sex life, criminal convictions and offences or sexual orientation.
Your obligations under the GDPR will vary depending on whether you are a controller, joint controller or processor. Controllers are the main decision-makers – they exercise overall control over the purposes and means of the processing of personal data.
If two or more controllers jointly determine the purposes and means of the processing of the same personal data, they are joint controllers. However, they are not joint controllers if they are processing the same data for different purposes. Processors act on behalf of, and only on the instructions of, the relevant controller. The controller must:
- identify valid legal grounds under the GDPR (known as a 'lawful basis') for collecting and processing personal data;
- ensure that you do not do anything with the data in breach of any other laws;
- use personal data in a way that is fair. This means you must not process the data in a way that is unduly detrimental, unexpected or misleading to the individuals concerned;
- be clear, open and honest with people from the start about how you will use their personal data;
- provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, information on the security measures implemented, information relating to subject access procedures, and information on who the data will be shared with. This is generally called 'privacy information'.
Contract of Employment
Policies and Procedures
Terms and Conditions
Service Level Agreements
Refer to full legislation for exemptions.
The information contained in this website is for general information purposes only. The information is provided by ISOvA, and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is, therefore, strictly at your own risk.