Originally, the General Data Protection Regulation (GDPR) was a regulation in EU law that ensures data
protection and privacy for citizens of the EU and EEA. It was implemented in the UK in 2018, alongside the Data Protection Act.
Data protection in the UK is enforced by the Information Commissioner, an independent authority
that aims to uphold information rights, promoting openness by public bodies and data privacy for individuals.
Systems that utilize data must protect it while upholding the following principles:
There is stronger legal protection for more sensitive information, and
you can find it here as well as some other information regarding the principles.
Under the Data Protection Act 2018 mentioned above, you have the right to know how your information is used
by the government and other organizations. This includes the right to
be informed about how your data is used, access it, fix incorrect data or erase it,
restrict or entirely stop its processing, and object when the data is processed in certain circumstances.
As previously mentioned, you have the right to access your data. If you want to see it, you need to make a written request.
If it's a public organization, write to the data protection officer (DPO). If you can't seem
to find their contact details, write to the company secretary.
The organization must then give you your data as fast as possible, within one month at most.
However, if the request is complex or you have made multiple requests, the organization can take 2 more months to provide the data.
In that case, they must tell you within a month of the request and give the reason for the delay.
There are a couple of cases where the organization is allowed to withhold the information, namely if it's about:
1) Prevention, detection or investigation of a crime
2) National security or the armed forces
3) The assessment or collection of tax
4) Judicial or ministerial appointments
The organization doesn't have to give a reason for withholding the data.
Requests for the data are usually free. However, the organization holding the data might charge you if
you are either asking for a large amount of information or the request will take a lot of time and effort to process.
If you think the given data has been misused or the organization holding it hasn't kept it secure, you should contact them and tell them.
If you are unhappy with their response or need any advice, you should contact the Information Commissioner's Office.
In 2019, British Airways was fined £183 million for its poor security arrangements, which saw the unauthorised use
of data like customer names, home addresses, travel booking information and card details.
Another famous breach, which happened in December 2014 and involved a large number of compromised records, 3 billion, was the breach of Yahoo.
The web service provider suffered a colossal data breach after an employee fell victim to a phishing attack.