In the wake of TikTok being fined 12.7m UK pounds by the Information Commissioner's
Office ('ICO'), we look at some of the key data protection issues in the
UK. We consider what you should be doing in your business as we approach
the fifth anniversary of the General Data Protection Regulation 2016/679
In the UK, data protection is governed by the Data Protection Act 2018, which implements the GDPR. The GDPR came effect on 25 May 2018 and strengthened the rights of data subjects in the EU (of which the UK was still part). It also increased enforcement of breaches of data protection principles. The GDPR was a pivotal moment in the commitment of the EU to data privacy.
The Data Protection Act 2018 sets out the rules for collecting and processing personal data. The definition of personal data is now much wider than the previous definition of personal data. It now includes any data which can identify a living person, such as name, address, date of birth, IP address, picture, social media handles, bank details, medical records etc.