Data protection history
Data protection is something that every webmaster should take seriously. If you don’t want to get into trouble with data protection authorities, then you need to stay informed.
Here is some data protection history.
- 1995: First introduction of The European Directive on Data Protection. This protected personal data in all member states of the European Union (EU).
- 1998: The EU laid down a set of standards with regard to data protection and privacy.
- 2002: The EU Data Protection Directive was updated to include more stringent rules regarding compliance.
- 2009: The EU Data Protection Directive was replaced by the EU General Data Protection Regulation (GDPR).
- 2018: The GDPR came into force on 25 May 2018. It replaces the EU Data Protection Directive, and all member states had to be compliant by that date.
What is GDPR?
The General Data Protection Regulation (GDPR) is designed to provide consistent data protection laws across the European Union. The GDPR has a wider scope than the European Data Protection Directive.
This is because it applies to all companies processing or holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
It also applies to the processing of personal data of data subjects by companies not established in the EU, but which offer goods or services to EU residents.
This means that if a business processes or holds the personal data of individuals located in the EU, then it must comply with the GDPR.
Data Protection Law
The Data Protection Act 2018 came into force on 25 May 2018, replacing the Data Protection Act 1998. This new Data Protection Act is GDPR-ready. This means it contains all of the provisions of the GDPR and is ready for transposition into UK law.
It will thus provide citizens with stronger rights to protect their personal data and enable enforcement bodies to respond more effectively to breaches.
It also provides for sanctions against both controllers and processors for infringements, which can include fines of up to £17 million or 4% of annual worldwide turnover, whichever is greater. Controllers must also disclose a security breach within three days of discovering it.
ICO
The Information Commissioner’s Office (ICO) is responsible for upholding information rights in the public interest, promoting openness by public bodies, and data privacy for individuals. The ICO is a self-governing body established under the 1998 Act and supported by fees placed on businesses subject to its regulatory regime.
The Information Commissioner’s Office (ICO) has recently announced plans for a new civil monetary penalty (CMP) regime for breaches of certain parts of the Data Protection Act 2018 (DPA 2018). The new regime will apply from 25 May 2019:
Civil monetary penalties (CMPs) are fines that a court can impose as a penalty for breaching certain laws. The GDPR, part of the DPA 2018, specifies maximum CMPs for certain breaches. It’s important to note that these maximum amounts are subject to change in the future.