Data Protection Act 2018

Data Protection Act 2018 (GDPR)

As a business operating within the UK, you are regulated by the DPA 2018 (GDPR). The act states:

Everyone responsible for using personal data has to follow strict rules called “data protection principles.” They must make sure the information is:

  • used fairly, lawfully and transparently

  • used for specified, explicit purposes

  • used in a way that is adequate, relevant and limited to only what is necessary

  • accurate and, where necessary, kept up to date

  • kept for no longer than is necessary

  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

What does this mean for my business?

It means that if you are collecting ‘Personal Data’ of customers, employees, or volunteers then you need to take the 6 Principles stated above into account. Regarding your IT Systems, principle 6 is the major influence.

The security of that Personal Data has got to be one of your highest priorities as a business. The fines for not providing adequate security of customer personal data can be 4% of the business's global annual turnover. In some cases, this runs into many millions of pounds.

Do not stress too much: there are things you can do to help you protect that data. There is a security framework called Cyber Essentials which helps businesses make changes to improve their security profile.

Follow this link to learn more about Cyber Essentials

Information Security Policy Documents

As the business owner, you should also write an Information Security Policy which should be made available to your customers and staff. This will show that you are committed to doing the right thing by them and will give them confidence you know what you are doing with their personal data. The documentation that the EU GDPR makes mandatory is a large list of documents which will help your business comply. Our GDPR Section is under construction.

TechSecScot is no longer contracting as a Compliance Specialist but has provided lots of information on this website to help you.