Since the publication of the General Data Protection Regulations in 2016, and the subsequent enactment of the Data Protection Act 2018, there has been a drastic change in the approach to the use of personal data, and a renewed focus on Confidentiality, Integrity and Availability. There is now recognition of the rights of the individual, with organisations forced to think more carefully about the way that they work with data.
Cambridge Risk Solutions have a deep understanding of data protection, and experience in ensuring that clients have embedded effective and practical solutions that make data protection part of the organisational culture and meet all regulatory requirements.
Personal data is ‘information that relates to an identified or identifiable individual’. In other words, it could be data that is directly linked to an individual (name, identification number, email address (whether work or personal) or IP address) or it could be information that, taken together, could identify an individual (postcode, house number, age).
Special Category Data is more sensitive data, which includes:
Special category data needs more protection, and an additional lawful basis for processing.
The definition of processing is very wide, and includes:
There are seven key principles for data protection:
There are six lawful bases for processing data, and it is important that you identify the correct basis depending on your relationship with the data subject and the purpose for processing the data:
a. Consent, where there is clear consent to process the data for a specific purpose
b. Contract, where the processing is necessary for a contract or for specific steps before entering that contract
c. Legal Obligation, where you need to comply with the law
d. Vital Interest, where the processing is vital to save someone’s life
e. Public Task, where you need to process for the public interest or official functions (e.g. local government), and the function has a basis in law
f. Legitimate Interest, where it is necessary for the legitimate interest of the third party or for your legitimate interest.
For each of these bases, there is detailed guidance available to ensure that you are using the most relevant.
Cambridge Risk Solutions provides a range of services to assist with the implementation of effective Data Protection policies and procedures, and has an experienced Certified Data Protection Officer who can assist with your data protection compliance.
View some case studies of recent Data Protection projects.