Digital technology has transformed almost every aspect of our lives. A lot has changed over the last 20 years since the last Data Protection Act was passed in 1998. In that year Celine Dion had a chart topping hit with “My heart will go on” and mobile phones were just phones.
To make our data protection laws fit for the digital age there is a new law. It requires the UK to comply from 25 May 2018 via the Data Protection Bill. Part of this Bill will apply the EU’s General Data Protection Regulation (GDPR) standards, preparing Britain for exiting the EU. By having strong data protection laws and appropriate safeguards, businesses will be able to operate across international borders.
I am part of the Knowledge and Information team at Defra running the Data Protection Programme. This programme is modernising our practices around personal data, ensuring Defra group complies with these new standards.
So what is personal data?
The Defra group works with lots of personal data from someone applying for a permit to the information we hold about our staff.
Personal data is any information relating to an identified or identifiable person. This means any information which can be used to identify somebody (especially when cross-referenced with other data).
What are the changes the Bill brings in?
This risk based legislation modernises data law and strengthens existing rights to protect personal data. It empowers individuals to take control of data about them. They can request their data is supplied, deleted or amended.
There are quicker timescales to respond to such requests, greater assurance required to safeguard personal data and transparency about how we use it. The definition of personal data has expanded too. It now includes online identifiers, such as IP addresses and cookies.
How we are preparing for GDPR?
We want everyone we work with to trust us to manage their data properly. That means we must know the personal data we hold across Defra group and we can demonstrate we know where it’s from and where it goes so we can manage the risks.
We’ve set up a number of work streams. They cover topic areas from making sure we have inventories of our personal data to communication and training, ensuring all of our staff know what the changes are and what they have to do.
It’s an exciting time. I’m proud to be part of the team modernising our approach to personal data, making sure it is fit for a digital age. There’s still more work to do over the coming months. We’ll update you on our journey.