Ethical Issues, UK Laws, and Data Protection: A Report
VerifiedAdded on 2020/04/21
|23
|6058
|30
Report
AI Summary
This report delves into the ethical considerations surrounding the use of personal data, with a specific focus on the legal landscape in the UK, including the Data Protection Act 1998 and the General Data Protection Regulation (GDPR). The report examines the ethical issues, such as privacy, confidentiality, and security, that arise from the collection, use, and sharing of personal information. It analyzes the UK laws affecting data protection and discusses privacy and anonymity, including pseudonymisation. Furthermore, it explores how companies should secure and safeguard user data, the structures and management systems needed to comply with GDPR, and the management of user consent. The report also addresses the implications of data breaches for both companies and individuals, providing a comprehensive overview of data protection principles and practices. The report emphasizes the importance of internal policies and compliance with the evolving legal framework to protect individuals' privacy and ensure data resilience.
1
Information Management for Business Intelligence
Name
Course
Professor
School
City
Date
Information Management for Business Intelligence
Name
Course
Professor
School
City
Date
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
2
Abstract
In this report, it examines the ethical issues which surround the use of the personal data with a
focus on the relevant UK laws which relates to the data protection. Additionally, it has sought to
discuss on the issue of privacy and anonymity and how the organization are securing as well as
safeguarding the user’s personal data. The research has also looked at the new GDPR laws which
have been upgraded from the previous legislation DPA. They have added some additional
safeguards to the UK law. It will also examine on the how the companies will change their
structures to accommodate on these new laws and how they will manage the consents of its
users. Lastly, it will look at the implication of the data breach to the companies and individuals.
Prefaces
DPA Data Protection Act
GDPR General Data Protection Regulation
Abstract
In this report, it examines the ethical issues which surround the use of the personal data with a
focus on the relevant UK laws which relates to the data protection. Additionally, it has sought to
discuss on the issue of privacy and anonymity and how the organization are securing as well as
safeguarding the user’s personal data. The research has also looked at the new GDPR laws which
have been upgraded from the previous legislation DPA. They have added some additional
safeguards to the UK law. It will also examine on the how the companies will change their
structures to accommodate on these new laws and how they will manage the consents of its
users. Lastly, it will look at the implication of the data breach to the companies and individuals.
Prefaces
DPA Data Protection Act
GDPR General Data Protection Regulation
3
Table of Contents
Introduction.................................................................................................................................................4
Ethical issues on the use of personal data....................................................................................................4
UK laws that affect the use of personal data................................................................................................6
Discussion of privacy and anonymity..........................................................................................................8
How companies should secure and safeguard users’ personal data.............................................................9
GDPR context and background; discussion of extra safeguards GDPR adds to UK law...........................11
Structures and management systems commercial enterprises need to set up.............................................14
How companies should manage users’ consent.........................................................................................15
Implications of data breach........................................................................................................................17
Conclusion.................................................................................................................................................18
References.................................................................................................................................................19
Appendices................................................................................................................................................22
Appendix 1:.......................................................................................................................................22
Appendix 2:.......................................................................................................................................23
Table of Contents
Introduction.................................................................................................................................................4
Ethical issues on the use of personal data....................................................................................................4
UK laws that affect the use of personal data................................................................................................6
Discussion of privacy and anonymity..........................................................................................................8
How companies should secure and safeguard users’ personal data.............................................................9
GDPR context and background; discussion of extra safeguards GDPR adds to UK law...........................11
Structures and management systems commercial enterprises need to set up.............................................14
How companies should manage users’ consent.........................................................................................15
Implications of data breach........................................................................................................................17
Conclusion.................................................................................................................................................18
References.................................................................................................................................................19
Appendices................................................................................................................................................22
Appendix 1:.......................................................................................................................................22
Appendix 2:.......................................................................................................................................23
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
4
Introduction
Collecting, using as well as sharing of personal data entails taking into consideration of the legal
landscape as well as the ethical standards by the government (Romanosky, Hoffman and
Acquisti, 2014). Based on the ethical aspect it entails the standards of the right and wrong which
is prescribed what one ought to do, which is guided by the duties, rights, costs as well as the
benefits (Acquisti, Brandimarte and Loewenstein, 2015). In the UK it has been one of the most
active regions for the regulatory enforcement actions in regards to the issues over the data
protection. In handling of personal information in regards to individuals, there are a number of
the legal obligations so as to protect that personal data under the Data protection Act of 1998.
Based on this legislation it protect individuals under certain rights, as well as impose the
obligations on those who record as well as use the personal data to be open about how the data is
used (Acquisti, Brandimarte and Loewenstein, 2015). On the ethical aspect all the research on
data need to be conducted to the highest level of integrity so as to ensure that there it is robust
and defensible. In this research it will investigate into the issues which should be considered by
the organization as well as the government which collect the personal information (Barocas and
Nissenbaum, 2014). Additionally, it will look at the introduced General Data Protection
Regulation. On this regulation it will look at the safeguards that are introduced by GDPR, the
structures which company chosen will use, the roles and responsibilities that will be defined and
how the company need to manage the consent of the users and the implications to the
organization and the individuals in case there is a data breach which may occur.
Ethical issues on the use of personal data
The personal data is the new asset class which touches all the aspects of the society. It is very
valuable resource when it comes to the 21st Century (Caudill and Murphy, 2000). Nonetheless,
Introduction
Collecting, using as well as sharing of personal data entails taking into consideration of the legal
landscape as well as the ethical standards by the government (Romanosky, Hoffman and
Acquisti, 2014). Based on the ethical aspect it entails the standards of the right and wrong which
is prescribed what one ought to do, which is guided by the duties, rights, costs as well as the
benefits (Acquisti, Brandimarte and Loewenstein, 2015). In the UK it has been one of the most
active regions for the regulatory enforcement actions in regards to the issues over the data
protection. In handling of personal information in regards to individuals, there are a number of
the legal obligations so as to protect that personal data under the Data protection Act of 1998.
Based on this legislation it protect individuals under certain rights, as well as impose the
obligations on those who record as well as use the personal data to be open about how the data is
used (Acquisti, Brandimarte and Loewenstein, 2015). On the ethical aspect all the research on
data need to be conducted to the highest level of integrity so as to ensure that there it is robust
and defensible. In this research it will investigate into the issues which should be considered by
the organization as well as the government which collect the personal information (Barocas and
Nissenbaum, 2014). Additionally, it will look at the introduced General Data Protection
Regulation. On this regulation it will look at the safeguards that are introduced by GDPR, the
structures which company chosen will use, the roles and responsibilities that will be defined and
how the company need to manage the consent of the users and the implications to the
organization and the individuals in case there is a data breach which may occur.
Ethical issues on the use of personal data
The personal data is the new asset class which touches all the aspects of the society. It is very
valuable resource when it comes to the 21st Century (Caudill and Murphy, 2000). Nonetheless,
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
5
the aspect of the personal data lacks the trading rules as well as policy framework which exist.
Many individuals care about their privacy and they do not often share their personal information
online (Barocas and Nissenbaum, 2014). Many fear that the data will not be protected when they
share or even think it will be shared. Some individuals rarely read the policies of the organization
which offer services. In UK the government is trying to leverage on all the personal data so as to
stimulate the aspect of innovation and drive the growth, while at the same time simultaneously
protecting persons (Pardo and Siemens, 2014). There is need for establishing internal policies so
as to ensure there is proper protection of the individual’s privacy.
There are various ethical issues which rises as a result of the personal data some are highlighted
as follows; one of the issue is in regards to the privacy. This refers to the personal right to be free
from any intrusion or perhaps the interference by others (Caudill and Murphy, 2000). It is a
fundamental rights especially in a free as well as democratic society for the personal information
for the people to be secure. People have the privacy interest in relation to their personal
information and the research could affect various domain in regards to the privacy in numerous
ways depending on the objectives and the methods. A significant aspect in regard to the privacy
is the right to control the information about an individual. The concept of consent is much related
to the right of privacy. It is respected if a person has the opportunity to exercise the control over
one personal information through consent to, or without holding the content for.
Another ethical issue which may arise in regards to personal data is that of confidentiality. The
ethical duty of the confidentiality regards to the obligation of the individuals in safeguarding on
the entrusted information (Martin, 2015). The question which could arise is would the UK
government safeguard on the personal data of their citizens? The ethical duty of confidentiality
entails obligation to protect the information from the unauthorized access, use, modification, loss
the aspect of the personal data lacks the trading rules as well as policy framework which exist.
Many individuals care about their privacy and they do not often share their personal information
online (Barocas and Nissenbaum, 2014). Many fear that the data will not be protected when they
share or even think it will be shared. Some individuals rarely read the policies of the organization
which offer services. In UK the government is trying to leverage on all the personal data so as to
stimulate the aspect of innovation and drive the growth, while at the same time simultaneously
protecting persons (Pardo and Siemens, 2014). There is need for establishing internal policies so
as to ensure there is proper protection of the individual’s privacy.
There are various ethical issues which rises as a result of the personal data some are highlighted
as follows; one of the issue is in regards to the privacy. This refers to the personal right to be free
from any intrusion or perhaps the interference by others (Caudill and Murphy, 2000). It is a
fundamental rights especially in a free as well as democratic society for the personal information
for the people to be secure. People have the privacy interest in relation to their personal
information and the research could affect various domain in regards to the privacy in numerous
ways depending on the objectives and the methods. A significant aspect in regard to the privacy
is the right to control the information about an individual. The concept of consent is much related
to the right of privacy. It is respected if a person has the opportunity to exercise the control over
one personal information through consent to, or without holding the content for.
Another ethical issue which may arise in regards to personal data is that of confidentiality. The
ethical duty of the confidentiality regards to the obligation of the individuals in safeguarding on
the entrusted information (Martin, 2015). The question which could arise is would the UK
government safeguard on the personal data of their citizens? The ethical duty of confidentiality
entails obligation to protect the information from the unauthorized access, use, modification, loss
6
or even theft. Another ethical issue is that of security (Martin, 2015). This relates to the measures
which is used to protect the information. It could include the physical, technical as well as the
administrative (Ogbanufe and Avery, 2016). The UK government should adopt as well as
enforce appropriate security measures as part of their confidentiality duties. Some of the physical
safeguards could entail the use storing of the personal data away from the public areas (Slade and
Prinsloo, 2013). The aspect of the administrative safeguards entails the development as well as
the enforcement of the rules in regards to who to access the personal data of individuals (Slade
and Prinsloo, 2013). The aspect on the technical safeguard entails the use of the passwords,
firewalls as well as encryption to their system and other measures which could protect the data
from the unauthorized access or even the loss and modification.
UK laws that affect the use of personal data
The laws which relate to the data protection of personal data are designed in order to regulate the
organization which are regarded as the data controllers those who collect and process
information relating to identifiable personal with the rights in relation to such data (Caudilland
Murphy, 2000). In the UK the position has been currently governed by the Data Protection Act
1998, which is designed to comply with the European Union Directive on the aspect of the Data
Protection so as to harmonize the various data protection laws that are within the numerous
Member States (Caudill and Murphy, 2000). The personal data are the information in regards to
living individuals who could be identified from the information as well as other which is in or
likely come into the data controller possession and could be minimal.
The Data Protection Act will be replaced by the EU General Data Protection Regulation
framework with much greater scope and tougher punishment for those who fail in complying
or even theft. Another ethical issue is that of security (Martin, 2015). This relates to the measures
which is used to protect the information. It could include the physical, technical as well as the
administrative (Ogbanufe and Avery, 2016). The UK government should adopt as well as
enforce appropriate security measures as part of their confidentiality duties. Some of the physical
safeguards could entail the use storing of the personal data away from the public areas (Slade and
Prinsloo, 2013). The aspect of the administrative safeguards entails the development as well as
the enforcement of the rules in regards to who to access the personal data of individuals (Slade
and Prinsloo, 2013). The aspect on the technical safeguard entails the use of the passwords,
firewalls as well as encryption to their system and other measures which could protect the data
from the unauthorized access or even the loss and modification.
UK laws that affect the use of personal data
The laws which relate to the data protection of personal data are designed in order to regulate the
organization which are regarded as the data controllers those who collect and process
information relating to identifiable personal with the rights in relation to such data (Caudilland
Murphy, 2000). In the UK the position has been currently governed by the Data Protection Act
1998, which is designed to comply with the European Union Directive on the aspect of the Data
Protection so as to harmonize the various data protection laws that are within the numerous
Member States (Caudill and Murphy, 2000). The personal data are the information in regards to
living individuals who could be identified from the information as well as other which is in or
likely come into the data controller possession and could be minimal.
The Data Protection Act will be replaced by the EU General Data Protection Regulation
framework with much greater scope and tougher punishment for those who fail in complying
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
7
with the new rules around the storage as well as handling personal data (Schwartz and Solove,
2014).
The data protection law has various implications to the businesses in the UK (Townend, 2017).
In these laws it will ensure data resilience and also provide some challenges for the business in
regards to getting their houses order (Floridi and Taddeo, 2016). Many of the organizations will
need to review their data privacy as well as protection policies in order to be compliant with the
new laws.
Data protection Act 1998: This law controls the collection as well as the storage of individual’s
personal data. The data controller will need to register with the ICO. Organization will only
collect the minimum data which is necessary for the tasks they are performing (Slade and
Prinsloo, 2013). Additionally, they will only need to store personal data for longer than the
necessary for the task they are undertaking.
Privacy and electronic communications regulations 2011: This law controls the ways in which
organizations as well as the public bodies use the electronic communications in order to market
their services to the consumers (Solomon, 2017). In this law an organization cannot send
unsolicited emails, tests or even the voicemail message unless they have the consent of the users
in doing so (Floridi and Taddeo, 2016). Moreover, they are not able to ask the users to send them
marketing message to friends or give them their friend contact details for the purpose of
marketing, unless one is confident they have received the consent from each of their friends.
Among the new conditions one of the biggest change to the SMEs they will face concerns
consent. Under the new regulations, the companies should keep a thorough record in regards to
how and when an individual gives consent to store and use their personal data. The aspect of
with the new rules around the storage as well as handling personal data (Schwartz and Solove,
2014).
The data protection law has various implications to the businesses in the UK (Townend, 2017).
In these laws it will ensure data resilience and also provide some challenges for the business in
regards to getting their houses order (Floridi and Taddeo, 2016). Many of the organizations will
need to review their data privacy as well as protection policies in order to be compliant with the
new laws.
Data protection Act 1998: This law controls the collection as well as the storage of individual’s
personal data. The data controller will need to register with the ICO. Organization will only
collect the minimum data which is necessary for the tasks they are performing (Slade and
Prinsloo, 2013). Additionally, they will only need to store personal data for longer than the
necessary for the task they are undertaking.
Privacy and electronic communications regulations 2011: This law controls the ways in which
organizations as well as the public bodies use the electronic communications in order to market
their services to the consumers (Solomon, 2017). In this law an organization cannot send
unsolicited emails, tests or even the voicemail message unless they have the consent of the users
in doing so (Floridi and Taddeo, 2016). Moreover, they are not able to ask the users to send them
marketing message to friends or give them their friend contact details for the purpose of
marketing, unless one is confident they have received the consent from each of their friends.
Among the new conditions one of the biggest change to the SMEs they will face concerns
consent. Under the new regulations, the companies should keep a thorough record in regards to
how and when an individual gives consent to store and use their personal data. The aspect of
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
8
consent will mean there is an active agreement (Floridi and Taddeo, 2016). It can no longer be
inferred and organization which control how and why the data is processed would have to clearly
audit trail of the consent. Individuals have the rights to withdraw consent at any given time,
easily and swiftly. When they withdraw consent, the organization should permanently erase their
personal data and this new GDPR law gives the individuals the right to be forgotten.
Discussion of privacy and anonymity
Privacy is the ability of individual to seclude information about themselves. The boundaries and
content to which is regarded as private differ among individuals, but share a common themes.
Under the privacy law if a country such as UK is dealing with the personal data, they are outside
the scope of legislation (Caudill and Murphy, 2000). The aspect of privacy and anonymity gets
complicated in the age of the data. According to EU GDPR, the personal data is defined to
whether or not the person could be identified directly or even directly. In UK there is
introduction of the concept of pseudonymisation in order to address the privacy and anonymity
(Floridi and Taddeo, 2016). It talks about the process, which alters on the personal data in
regards to the individual personal data which can longer be attributed to the specific subject data,
without the use of the additional information.
The challenge of the data privacy is to utilize while protecting on the individuals preferences as
well as their personally identifiable information (Narayanan, Huey and Felten, 2016). the laws
and the regulations related to privacy of personal data are changing constantly especially in UK,
therefore, it is important to keep abreast of the various changes in the law and to continually
reassess the compliance with the data privacy as well as the security regulations.
Anonymity:
consent will mean there is an active agreement (Floridi and Taddeo, 2016). It can no longer be
inferred and organization which control how and why the data is processed would have to clearly
audit trail of the consent. Individuals have the rights to withdraw consent at any given time,
easily and swiftly. When they withdraw consent, the organization should permanently erase their
personal data and this new GDPR law gives the individuals the right to be forgotten.
Discussion of privacy and anonymity
Privacy is the ability of individual to seclude information about themselves. The boundaries and
content to which is regarded as private differ among individuals, but share a common themes.
Under the privacy law if a country such as UK is dealing with the personal data, they are outside
the scope of legislation (Caudill and Murphy, 2000). The aspect of privacy and anonymity gets
complicated in the age of the data. According to EU GDPR, the personal data is defined to
whether or not the person could be identified directly or even directly. In UK there is
introduction of the concept of pseudonymisation in order to address the privacy and anonymity
(Floridi and Taddeo, 2016). It talks about the process, which alters on the personal data in
regards to the individual personal data which can longer be attributed to the specific subject data,
without the use of the additional information.
The challenge of the data privacy is to utilize while protecting on the individuals preferences as
well as their personally identifiable information (Narayanan, Huey and Felten, 2016). the laws
and the regulations related to privacy of personal data are changing constantly especially in UK,
therefore, it is important to keep abreast of the various changes in the law and to continually
reassess the compliance with the data privacy as well as the security regulations.
Anonymity:
9
Anonymity regards to sanitization of the information intent in private protection. It can be the
process of encrypting or even removing personally identifiable information from the personal
data set so as individuals whose data describe could remain anonymous (Solove and Schwartz,
2014). According to the GDPR it highlights that the principles of the data protection does not
apply to the anonymous information, especially to the information which does not relate to the
identified or even the identifiable natural person or to personal data which is rendered
anonymous in a manner which the data subject is not or no longer identifiable. Therefore, this
regulation does not concern the process of such anonymous data (Floridi and Taddeo, 2016).
Nonetheless, despite this many have viewed anonymized data as unsafe since the most
sosphicated techniques could be reversed with the right data sets. The purpose of the anonymity
is to protect a person privacy, in order to ensure that the information is treated properly and the
identifiable data is processed by few individuals as possible.
Figure 1: The diagram shows the aspect of anonymity and Privacy.
How companies should secure and safeguard users’ personal data
The information which is trusted to the companies by the customers should be protected not only
for the purpose of the organization brand. When the companies use the personal data or
information which is provided or entrusted to them, this data needs to be used accordingly to the
Anonymity regards to sanitization of the information intent in private protection. It can be the
process of encrypting or even removing personally identifiable information from the personal
data set so as individuals whose data describe could remain anonymous (Solove and Schwartz,
2014). According to the GDPR it highlights that the principles of the data protection does not
apply to the anonymous information, especially to the information which does not relate to the
identified or even the identifiable natural person or to personal data which is rendered
anonymous in a manner which the data subject is not or no longer identifiable. Therefore, this
regulation does not concern the process of such anonymous data (Floridi and Taddeo, 2016).
Nonetheless, despite this many have viewed anonymized data as unsafe since the most
sosphicated techniques could be reversed with the right data sets. The purpose of the anonymity
is to protect a person privacy, in order to ensure that the information is treated properly and the
identifiable data is processed by few individuals as possible.
Figure 1: The diagram shows the aspect of anonymity and Privacy.
How companies should secure and safeguard users’ personal data
The information which is trusted to the companies by the customers should be protected not only
for the purpose of the organization brand. When the companies use the personal data or
information which is provided or entrusted to them, this data needs to be used accordingly to the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
10
purpose it was agreed (Pardo and Siemens, 2014). The federal Trade Commission’s enforces
various penalties against the organization which have negated so as to ensure the privacy of the
customer data. As a result of the escalation as well as the increase in threat in the public as well
as public sector, it is important for the companies to safeguard the personal data of the customer.
This could take place through having a data security policy in place (Murray, 2013). Making sure
that the company data is private and used properly could be near to impossible task which
involves various layer of security which could include technology that is able to scans for
vulnerabilities. Some of the secure and safeguard measures to ensure security of personal data
are as follows;
Ensuring data security accountability: The companies needs to ensure that their information
technology workers as well as the management are aware that their responsibilities and what is
expected them. The various type of data need to be classified so that the workers and the
management do understand the differences. Through the categorization of the data, the workers
are much aware of how to handle each kind of the data which is allowed to distribute. Important
classes include the policy entails confidential data, data which is meant to be sent internally
within the organization.
System data security policies: The security configuration to all the essential servers as well as
the operating system is important to the data security policy. There should be clear networks and
management of the accounts along with the passwords.
Account monitoring and the control: It is important for the organization to keep track of who
is accessing what is significant component of the data security policy. Some of common sources
of the digital compromises are much legitimate but they are inactive user accounts. There are
various categories which a security policy such as the data and network segmentation, identity
purpose it was agreed (Pardo and Siemens, 2014). The federal Trade Commission’s enforces
various penalties against the organization which have negated so as to ensure the privacy of the
customer data. As a result of the escalation as well as the increase in threat in the public as well
as public sector, it is important for the companies to safeguard the personal data of the customer.
This could take place through having a data security policy in place (Murray, 2013). Making sure
that the company data is private and used properly could be near to impossible task which
involves various layer of security which could include technology that is able to scans for
vulnerabilities. Some of the secure and safeguard measures to ensure security of personal data
are as follows;
Ensuring data security accountability: The companies needs to ensure that their information
technology workers as well as the management are aware that their responsibilities and what is
expected them. The various type of data need to be classified so that the workers and the
management do understand the differences. Through the categorization of the data, the workers
are much aware of how to handle each kind of the data which is allowed to distribute. Important
classes include the policy entails confidential data, data which is meant to be sent internally
within the organization.
System data security policies: The security configuration to all the essential servers as well as
the operating system is important to the data security policy. There should be clear networks and
management of the accounts along with the passwords.
Account monitoring and the control: It is important for the organization to keep track of who
is accessing what is significant component of the data security policy. Some of common sources
of the digital compromises are much legitimate but they are inactive user accounts. There are
various categories which a security policy such as the data and network segmentation, identity
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
11
and access management. There is need to address the organization entire security posture,
monitoring on the activity across each asset within an organization.
Encrypt the data: It is important to keep the organization system secure especially on their
browser. To guard on the customer data such as the online transaction, it is important to encrypt
information which scrambles the information which send one over the internet. The information
need to be secure the clients data always when it is transmitted. Additionally, the organization
should keep the password private. The use of passwords strong password would enable an
organization to safeguard on the customer personal data more secure and ensure that the
attackers do not have an access to this kind of data.
Figure 2: The diagram shows how organization secure personal data
GDPR context and background; discussion of extra safeguards GDPR adds to UK law
The GDPR is the new EU privacy law, which has been aimed in bringing order to the patchwork
of the privacy rules across the European Union (Walker-Osborn and Barry, 2016). This law is a
regulation rather than a directive, and it has been binding the legal force and would be
immediately enforceable as the law in the EU member states. This new law will grant individual
and access management. There is need to address the organization entire security posture,
monitoring on the activity across each asset within an organization.
Encrypt the data: It is important to keep the organization system secure especially on their
browser. To guard on the customer data such as the online transaction, it is important to encrypt
information which scrambles the information which send one over the internet. The information
need to be secure the clients data always when it is transmitted. Additionally, the organization
should keep the password private. The use of passwords strong password would enable an
organization to safeguard on the customer personal data more secure and ensure that the
attackers do not have an access to this kind of data.
Figure 2: The diagram shows how organization secure personal data
GDPR context and background; discussion of extra safeguards GDPR adds to UK law
The GDPR is the new EU privacy law, which has been aimed in bringing order to the patchwork
of the privacy rules across the European Union (Walker-Osborn and Barry, 2016). This law is a
regulation rather than a directive, and it has been binding the legal force and would be
immediately enforceable as the law in the EU member states. This new law will grant individual
12
more control over how others utilize their personal data (Libert, 2015). The law has been
designed to sign the European privacy rules into the British law along with update of the existing
Data Protection Act that had not changed since 1998. This law also include reform of the right to
be forgotten which allow people to ask organization including the social media for their data
from being erased.
Figure 3: The diagram shows a graph to highlight if organization in UK are ready for GDPR
The key changes to the existing to the UK law are;
Much tougher reporting as well as notification obligations. Under the existing legislation in the
UK, there has been no legal obligation in reporting data breaches to the information
Commissioners (Murray, 2013). This bill entailed a mandatory reporting requirement (Fuster,
2014). The data controllers would have to notify the information Commissioner, which would
not be later than seventy two hours after becoming aware of breach, unless they are able to
highlights that the breach is not possible to result to any risk for right as well as the freedom of
data (Weingärtner and Westphall, 2014).
more control over how others utilize their personal data (Libert, 2015). The law has been
designed to sign the European privacy rules into the British law along with update of the existing
Data Protection Act that had not changed since 1998. This law also include reform of the right to
be forgotten which allow people to ask organization including the social media for their data
from being erased.
Figure 3: The diagram shows a graph to highlight if organization in UK are ready for GDPR
The key changes to the existing to the UK law are;
Much tougher reporting as well as notification obligations. Under the existing legislation in the
UK, there has been no legal obligation in reporting data breaches to the information
Commissioners (Murray, 2013). This bill entailed a mandatory reporting requirement (Fuster,
2014). The data controllers would have to notify the information Commissioner, which would
not be later than seventy two hours after becoming aware of breach, unless they are able to
highlights that the breach is not possible to result to any risk for right as well as the freedom of
data (Weingärtner and Westphall, 2014).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.