Data Protection Guide for Businesses

Trethowans’ data protection team is working on a series of data protection Q&A articles which will cover the main concepts of data protection law and issues of interest to businesses. Here you will find the articles published so far.

What is data protection law, why do we have it and why do we have to comply with it?

Failure by an organisation to comply with data protection law poses many risks including enforcement action by the Information Commissioner’s Office (the UK data protection authority), loss of business and loss of reputation. Read more

What is personal data?

Personal data is defined in the UK General Data Protection Regulation (UK GDPR) as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. Read more

Data Protection – News Alert

Firstly, it has been announced that before the end of 2022, the UK’s first independent adequacy decision will be in place allowing for the secure transfer of personal data to the Republic of Korea. This means that personal data can be transferred from the UK to the Republic of Korea without the need for data exporters to implement appropriate safeguards, like the EU model clauses, and carry out transfer risk assessments which are cumbersome and time consuming.

Secondly, John Edwards (the head of the UK Information Commissioner’s Office) has made the following announcement in relation to reprimands that the ICO issue to organisations for failure to comply with UK data protection legislation. Read more

What is special category / sensitive personal data?

Special category personal data (sometimes known as sensitive personal data as this is what it was known as in the Data Protection Act 1998) is personal information which is considered to need more protection in law as it relates to more sensitive or personal matters. Read more

Data Protection Quarterly News Roundup (October to December 2022)

The last quarter of 2022 remained a busy time for anyone keeping an eye on the UK data protection landscape. In this, the first of our quarterly news roundups, we bring you our news highlights of the last three months. Read more

What is criminal offence personal data?

Like special category personal data (which we considered in our 13 December 2022 Q&A article), data relating to criminal allegations, proceedings, offences and convictions is personal data which is considered to need more protection in law as it is data relating to sensitive matters. Read more

What  does “processing” of personal data mean?

To answer this question it is best to look at the UK General Data Protection Regulation (UK GDPR) and how it defines “processing”:

“any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. Read more

Answers are just a click away