Data protection has been a hot and somewhat controversial topic since the EU first amended its old data protection act with the new General Data Protection Regulation (GDPR). These new regulations brought data protection into the light as it pertains to individuals. Data, and the protection thereof, are now seen as a basic right of all individuals, an extension of themselves.

The importance that governments and regulatory bodies have placed on data in recent years means that many organisations and businesses around the world need to know the fine print: they need to understand data, data protection and their own obligations. With this shift in perspective on data and data protection come questions that individuals and businesses alike need answered.

In this article, we cover and answer the top 10 questions surrounding data protection in 2022. From the very definition of data protection to what’s involved in data protection services, we’ve got your answers.

1.  What is data protection?

Broadly defined, data protection refers to the collecting, processing and storing of an individual’s personal data and how that data is protected: the process of safeguarding important information from corruption, compromise or loss. In the narrower sense used in this article, data protection refers to the GDPR and the shift in focus it brought about when it was first passed into law: how personal information held on individuals by organisations can be used, and the rights of individuals in regard to their data.

2.  What is the GDPR?

GDPR refers to the specific regulations brought into law by the EU, and since then by the UK and other nations. The GDPR came into effect on 25 May 2018 and cast data, its protection and the rights of individuals in a new light.

The GDPR relates to the protection of personal data and the rights of individuals over their data. Its main objective is to give individuals more control over their personal data. It also helps ease the flow of personal data while increasing privacy and rights for citizens.

3.  What are the main responsibilities of GDPR for businesses?

Under the GDPR, businesses must meet six data protection principles whenever they process personal data. Their use of personal data must be lawful, fair and transparent; data must be collected only for specific and lawful purposes; and data must be accurate, kept up to date and retained only for as long as needed. Organisations that collect data must also protect it from misuse and exploitation.

Complying with the GDPR also means that if a data breach happens (which includes lost and stolen data), businesses are required to report specific types of breach to the relevant supervisory authority within 72 hours of becoming aware of the incident.

4.  What are data protection services?

Data protection services are services supplied to organisations, from large corporations to small and medium-sized businesses, to help them navigate the complex landscape of data protection. They offer advice, guidance and specific services such as outsourced data protection officers (DPOs). Outsourced DPOs have the expertise to help organisations better understand their data protection obligations, stay up to date with regulations as they evolve and comply with data protection laws and regulations.

5.  Do all organisations need to appoint a DPO?

Not every organisation is required to appoint a DPO; whether yours must depends on several factors. The Information Commissioner’s Office (ICO) in the UK states that a DPO is required if an organisation meets any of the following:

  • Are a public authority (with the exception of courts acting in their judicial capacity).
  • Carry out large-scale systematic monitoring of individuals, such as online behavioural tracking.
  • Carry out large-scale processing of special categories of data or data that relates to criminal convictions and offences.

Most organisations appoint a DPO, and many use data protection services to help with the process. Even if an organisation isn’t required to appoint a DPO because none of the above applies to it, it is still required to have the staff and skills in place to carry out its GDPR obligations.

6.  Who does data protection affect?

To understand this, you first need to understand what data protection applies to.

Data protection, which in this context refers to the GDPR, applies to personal data. This is defined as any information relating to an identifiable individual: someone who can be identified, directly or indirectly, in particular by reference to an identifier.

Many types of information can be classed as personal data, from postal addresses to browsing history to email addresses. Data protection affects organisations that collect, process or handle personal data of these kinds and more.

7.  What rules must organisations follow to ensure compliance?

To ensure compliance with data protection law, the GDPR states that personal data must be:

  • Processed lawfully, fairly and transparently.
  • Collected only for specific and lawful purposes.
  • Adequate, relevant and limited to what is necessary.
  • Accurate and kept up to date.
  • Kept only for as long as necessary.
  • Protected in a manner that ensures its security and integrity.

8.  What are the penalties for GDPR breaches?

The GDPR uses a tiered approach to the way it issues fines. This means that the severity of the breach determines the fine imposed—and they can be heavy.

The maximum fine a company can face is 4% of its annual global turnover or €20 million, whichever is the higher amount. For less serious violations, the penalty is 2% of annual global turnover or €10 million.

It’s worth noting that some of the biggest companies in the world have been fined for breaches of the GDPR. In the year following the introduction of the GDPR, fines reached hundreds of millions.

9.  What are the GDPR fundamental rights?

  • The right to be informed: individuals have the right to be told what personal data organisations collect about them, how it’s stored and how it will be used.
  • The right of access: individuals have the right to obtain a copy of personal information held about them. This must allow them to check how their data is being processed and whether it’s lawful.
  • The right of rectification: individuals are entitled to have personal data rectified if it’s inaccurate or incomplete.
  • The right to erasure/the right to be forgotten: individuals have the right to choose to have their data deleted or removed.
  • The right to restrict processing: individuals have the right to block or suppress the processing of their personal data.
  • The right to data portability: individuals can move, copy or transfer their personal data from one IT environment to another.
  • The right to object: individuals are entitled to object to their personal data being processed, such as when companies use personal data for direct marketing.
  • Rights related to automated decision-making and profiling: the GDPR provides safeguards for individuals against the risk of potentially damaging decisions made regarding their data.

10. Who’s responsible for GDPR enforcement?

While the EU GDPR and the UK GDPR apply across their respective jurisdictions, each participating country also has its own supervisory authority responsible for enforcement. In the UK, for example, it’s the ICO; in Hungary, it’s the Hungarian National Authority for Data Protection and Freedom of Information. These institutions are responsible for GDPR enforcement within their nations.