Information Security Legislation

Data Protection Act 2018 and GDPR

So what is it?

So the Data Protection Act is a UK act that covers personal data and how organisations are allowed to use that data, and GDPR is the EU law that still covers the UK. It sets a very clear set of requirements for data processing and storage:

    Lawful, fair and transparent

  • You must have a valid reason for the collection and use of data.
  • People must be clearly told how their data will be used, shared and stored.

    Purpose Limitation

  • Data must ONLY be used for specific, clear purposes.
  • It MUST NOT be reused for unrelated purposes.

    Data Minimisation

  • Only collect what you actually NEED.

    Accuracy

  • Kept UP TO DATE and CORRECT.

    Storage Limitation

  • DO NOT keep data longer than needed.
  • Set CLEAR retention periods and delete securely after use.

    Integrity and Confidentiality

  • Data MUST be protected and securely stored.
  • MUST prevent accidental loss, damage, unauthorised access or disclosure.

    Accountability

  • MUST be able to prove you are following the rules.
  • Will probably need a DPO (Data Protection Officer).