What is Data Protection?

21 October 2020

Data protection affects everyone within a business.

Data protection is the fair use of information that businesses gather about people. It is an extension of a person's fundamental right to privacy, and it also covers treating people fairly and giving them control of their own data and identity.

The UK data protection regime is set out in the DPA 2018 and the GDPR (which also forms part of UK law).

These include the rights of a customer, client or employee to request this information, as well as how anyone can use the data.

Why is data protection important?

Questions can arise when considering the importance of maintaining data security. This includes minimising personal data breaches.

It is important that people can trust you to handle their data fairly and responsibly when they give it to you. If there is no trust, they will be far less likely to do business with you.

It’s also about removing unnecessary barriers to trade and cooperation. It exists in part because of international treaties for common standards that enable the free flow of data across borders. 

What is personal data?

It is data that contains personal information about a living individual. If you can use the data to identify a person, either on its own or with additional data, it will count as personal information.

This mainly refers to data and electronic records. However, paper records can count if there is intent to upload them to a computer. 

This data does not have to be private. Even information which is public knowledge or is about someone’s professional life can be personal data.

What is processing?

Almost anything you do with the data constitutes processing, so it is essential that you are aware of data protection. Here are some examples of processing data:

  • Collecting it
  • Recording it
  • Storing it
  • Using it
  • Analysing it
  • Combining it
  • Disclosing it 
  • Deleting it

Is data protection a criminal offence? 

Some may be unsure of just how important data protection is. One common question is, “is it a criminal offence not to have data protection?”

Simply put, yes, not adhering to data protection laws can be a criminal offence.

Processing personal information in a workplace requires you to adhere to data protection laws.

The law states you must comply with regulations if you collect information about individuals for any reason other than your own personal, family or household purposes.

Fines for breaking these rules can cost your business up to 10 million Euros or, in some extreme cases, 20 million Euros.

So, can you be punished for data protection? Yes; if it isn’t up to scratch.

To avoid these fines, you must understand how to conduct proper data protection impact assessments.

This includes identifying high-risk areas and how to handle data protection complaints. It also addresses how to prevent a data protection breach at work.

Who enforces data protection legislation in the UK?

The Information Commissioner’s Office strives to update regulations for greater protection. They are the ones who oversee data protection issues in the UK.

The Information Commissioner is the one who has the power to issue fines. They can do so to any companies or businesses that infringe on data protection laws.

There is common confusion about who from the Information Commissioner’s Office (the ICO) acts on behalf of the Information Commissioner. The answer to this is a Data Protection Officer.

But what is a data protection officer? In the broadest terms, a data protection officer will represent the ICO to inspect a company’s data protection protocols. They have the power to issue fines in the event these aren’t adequate for customer or client protection.

It’s a data protection officer who enforces data protection legislation in the UK.

Knowing what counts as a breach of data protection is just the first step in avoiding data protection fines.

What constitutes a breach of data protection?

A breach of data protection isn’t solely when someone steals data. There are other examples of a breach, including:

  • Accidentally shared: this includes an untrained or incompetent member of staff altering or sharing the data.
  • Accidental loss: this includes a fire destroying the sole paper copy or the erasure of a hard drive. Both of these examples only refer to data that has no back-up.

These examples prove that data protection breaches at work can be both accidental and intentional. Regardless of whether it’s malicious intent or incompetence, companies must address data protection breaches.

After all, knowing what constitutes a breach of data protection is just the first step. GDPR states that the data controller must inform the supervisory authority within 72 hours of becoming aware of it.

Do I need to register for data protection?

Yes, if you are a data controller.

A data controller determines the purpose and means of personal data processing. It can be either an individual or the company that they work for as a whole.

Understanding how to register with the ICO is one of the ways we can help you learn how to protect data.

How do I protect data?

Establishing protocols for protecting data is one of the best ways to protect data. There are also plenty of other effective methods to protect data.

  • Reinforce basic protocols: ensuring that employees keep their password private is one of the simplest protocols. There are other data protection protocols, such as being aware of phishing emails and how to avoid them. This includes knowing who to report impersonators to and never sharing sensitive information.
  • Encrypt your data at all opportunities: encryption software safely scrambles information sent online. This ‘locks’ any data sent, making it harder to crack in the event someone tries to steal it during online transmissions. A ‘lock’ icon will appear on the status bar of an internet browser if it’s safe.
  • Invest in proper security software: secure software will always help protect data. Firewalls, anti-spyware, and anti-virus software will keep data protected.

Even the most prepared company needs help at times. We can answer questions and clear up confusion about data protection.

Expert assistance from Peninsula

With Peninsula, you can learn about the Information Commissioner's Office. We help clarify what they consider a criminal offence.

Breaches of data protection can be damaging to a business. Large fines, a loss of clients and damage to industry reputation are just some of the negative consequences.

Peninsula has the expertise that can help any business avoid these issues. Whether you need to discuss how to prevent data breaches or address conflicts of interest, get in touch with us today on 0800 028 2420.
