-
By miguel-ingles
- In Uncategorized
Complying with applicable regulations regarding the processing of personal information is a requirement that all companies in the UK must commit to. Otherwise, they may face legal problems, in addition to the loss of trust of their customers. In this article, I explain the GDPR and data protection for Businesses.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European law that concerns the privacy and protection of personal information. The GDPR applies when a company has its headquarters in EU territory or if its offices are outside the EU, but it deals with the data of citizens of member countries.
Despite the exit of the UK from the European Union, this regulation continues to apply in the country. However, the UK authorities have amended some precepts of the rules, particularly those regarding the transfer of data between the UK and the European Economic Area.
When Does the GDPR Allow a Company to Process Personal Data?
There are several ways to process data legally and lawfully. These are:
- The interested person gives their express consent. This individual must have accepted consciously and unequivocally. Moreover, the corporation must have given them the option to withdraw their authorization if they wish.
- To execute the clauses of a contract with the interested party.
- To comply with certain legal obligations. For example, keeping invoices for tax reasons.
- Defence of legitimate self-interests. To protect the company from possible scams or frauds.
- Purpose of public interest. Normally, for public organizations to carry out statistical studies.
- Protection of vital interests. It may be the case that it is necessary to collect certain data in order to prevent the death of a person.
On another note, the UK GDPR considers individuals aged 13 or above as adults. From this threshold, they can give their consent as adults for data processing reasons. In the case of children under 13 years of age, the interested party may not give their authorization. It will be their legal guardians who will be the ones that grant it.
Additionally, the GDPR does not apply when the data subject has died, if they are a legal person or if an individual carries out the processing of data for purposes outside their commercial, business or professional activities.
Data Protection Laws apart from GDPR for businesses in the UK
In addition to GDPR compliance, companies in the UK will also be required to comply with other regulations that protect the personal information of their customers or employees. Some examples would be: to keep their personal addresses, to annotate of their workers’ labour hours, or to provide customer’s shipping data to courier companies. These rules apply, inter alia, during hiring processes, when a business markets new products and services or if it uses video surveillance cameras.
The competent authorities have established basic principles of data protection. These include:
- Keeping stored data securely. This include protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. Appropriate technical or organizational measures shall be used for this purpose.
- Legality and transparency. Informing users about the usages of the data they collect from them.
- Minimisation of data. The enterprise will only collect the information relevant and necessary for the reasons for which it needs the data.
- The business will store the data only for as long as is essential to complete the objectives of the information processing that the company is carrying out.
Finally, each business must inform the Information Commissioner’s Office (ICO) about the uses of personal data and answer the requests for data protection if an individual asks about the information that the company holds about them.
In ukstartcompany, you will find information about how to establish, register and operate companies with different legal structures and business activities in the UK.