Employmentbuddy - Your best buddy in human resources

Data Protection - An Overview

Data Protection legislation aims to protect and safeguard individuals’ personal data.

The General Data Protection Regulation ((EU) 2016/679) (GDPR) is a European Regulation which came into force in all EU member states on 25th May 2018. In the UK, the Data Protection Act 2018 (“DPA”) implements the GDPR into UK law. The DPA largely mirrors and expands upon the GDPR.


Your obligations under data protection legislation vary depending on whether you are a Data Controller or Data Processor.

A Data Controller is a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A Data Processor is a natural or legal person which processes personal data on behalf of the controller. 

See our factsheet ‘Data Controllers and Data Processors’ for more information.

2. WHAT IS PERSONAL DATA

The DPA applies to ‘Personal Data’. This is any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.

This definition is wide and may include a person’s name, identification number or online data (such as IP address).

See our factsheet “What is Personal Data?” for more information.

3. THE LEGAL PRINCIPLES

The DPA sets out a number of core principles that Data Controllers and Data Processors must comply with when processing data.  These are the main responsibilities for organisations and underpin the entire data protection regime.

Inherent in these principles is the requirement for Data Controllers to have a legal basis for their processing.

See our factsheet “The Legal Principles” for more information.

4. DATA SUBJECT'S RIGHTS

Data subjects have numerous rights under the DPA including the right to be informed, the right of access to their personal data, the right to data portability and the right to be forgotten.

See our factsheets listed below for more information on these rights: 

  • Data Subject’s Rights
  • Data Subject Access Requests


Where a Data Controller will be transferring data outside of the EU, international transfers of personal data attract specific protection under the DPA.

See our factsheet “International Transfers” for more information.

6. DATA BREACHES

The DPA increases the penalties the Information Commissioner’s Office can impose in the event of a data protection breach and contains mandatory reporting obligations.

See our factsheet on “Data Breaches” for more information.


Last updated on 06/12/2018 16:48:03 | #Data Protection