The General Data Protection Regulation (GDPR) is a UK law which came into effect on 1st January 2021. The Data Protection Act 2018 provides the statutory framework for general data protection rules that apply to businesses and organisations in the United Kingdom. It explains the rights, obligations and principles of data protection for business. There are key principles, rights and obligations for most UK data processing, with the exception of law enforcement and intelligence. Those in charge of processing personal data must follow strict rules referred to as data protection principles. They must take measures to ensure the data is used fairly, lawfully and transparently. The GDPR outlines 7 principles for the lawful processing of personal data. These include:
⦁ Lawfulness, fairness, and transparency
GDPR requires you to identify a legal basis (known as a 'lawful basis') for gathering and using personal data.
To comply with the law, you must process personal data fairly, meaning you should not act in a way that is detrimental, unexpected or misleading to the individuals concerned.
Transparency means being clear, open, and honest with your data subjects about who you are, what you're doing, and why. By following it, you act fairly towards your data subjects.
⦁ Purpose limitation
The purposes of processing your data must be clearly defined. They should also be made clear to the public through privacy notices. Finally, you should adhere to them carefully and limit the processing of data only for the purposes you have specified.
⦁ Data minimization
Collect only the smallest amount of data you will need to fulfil your purposes.
If you find inaccurate or misleading personal data, you must take reasonable steps to correct or delete it as soon as possible.
You should carefully consider any concerns you have about the accuracy of your personal information.
⦁ Storage limitation
You should carefully consider all challenges regarding your data storage. People have the right to cancel if you no longer need the information.
You may retain personal information longer if you store it only for public interest archiving, scientific or historical research, or statistical purposes.
⦁ Integrity and confidentiality
Maintain the integrity and confidentiality of the data you collect and protect it from internal or external threats. This requires proactive planning and effort. You must protect your data from unauthorized or unlawful processing and from accidental loss or damage.
You must have appropriate measures and records as evidence of your compliance with data processing principles. Regulatory authorities may request this evidence at any time.
The UK GDPR covers both processing carried out within the UK by organisations operating in that country and processing carried out outside the UK by organisations offering goods or services to UK citizens. The UK GDPR requires appropriate technical and organisational measures to be taken to effectively implement data protection principles and protect the rights of individuals. This is "data protection by design". In essence, this means that you need to integrate data protection into your processing activities and business practices, from the design stage through the whole life cycle. You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.