1. What is data protection law?
Data protection law controls how individuals’ personal information is used by organisations, businesses and the government. It is designed to protect individuals’ personal data regardless of whether that data is automated (for example, personal data on a computer) or part of a manual filing system.
In the UK, the Data Protection Act 1998 (the "DPA 1998") sets out the law on the processing of data on identifiable, living people and is the main piece of legislation that governs data protection. Later this year, however, the General Data Protection Regulation (the "GDPR") will be introduced into law and the DPA 1998 will be replaced by a new Data Protection Act, with the effect of modernising the UK’s data protection regime.
2. What is the GDPR?
The GDPR is a new piece of EU legislation. It will provide the legal framework for data protection across all of the EU’s member states.
As it is a "regulation", rather than a "directive", the GDPR will apply in member states without the need for national legislation to implement its provisions. This means that, once it takes effect, it will have an immediate impact on data protection across the EU.