Enter to open, tab to navigate, enter to select
Ensuring data protection compliance (DPA 1998 version)
Practical Law UK Practice Note 0-107-4759 (Approx. 21 pages)
Ensuring data protection compliance (DPA 1998 version)
by David Naylor, David Lewis and Michael Brown, Fieldfisher
| Law stated as at 16 Mar 2015 • United Kingdom |
A practical overview of how to set up and maintain an effective international data protection compliance programme. The note highlights the key steps in establishing an effective compliance programme including appointing a compliance officer, identifying the data controller and the data processor, and ensuring appropriate legal grounds exist for each processing activity. It also explains how to maintain the compliance programme.
Note: With effect from 16 March 2017, this resource is no longer being maintained. From 25 May 2018, the EU General Data Protection Regulation ((EU) 2016/679) (GDPR) replaced the current regime established by the Data Protection Act 1998. It is supplemented by the Data Protection Act 2018. For legal developments between 16 March 2017 and 24 May 2018, please refer to the legal updates on the topic page for this resource: see Compliance.
The European Commission is reviewing a related piece of legislation, the E-Privacy Directive (2002/58/EC), implemented in the UK by the Privacy and Electronic Communications Regulations (2003/2426) (as amended) (PECR). Their replacement, the draft E-Privacy Regulation (COM (2017) 10 final) (draft ePR), was not agreed in time to align with the GDPR on 25 May (see Legal update, Government confirms delay to draft E-Privacy Regulation). The Information Commissioner has confirmed that PECR (with GDPR standard of consent) will continue to apply until the draft ePR is finalised. We are updating our direct marketing, cookie and other related resources to reflect this. For further information see E-Privacy Regulation tracker. For further information and ICO guidance, see Practice note, Overview of GDPR: UK perspective: Direct marketing and draft E-Privacy Regulation.