GDPR, DATA PROTECTION ACT 2018, FREEDOM OF INFORMATION ACT 2000 – ADAVISTA CAN GUIDE YOU THROUGH IT
HERE IS A SELECTION OF OUR FREQUENTLY ASKED QUESTIONS…
Q: DATA PROTECTION THAT DOESN’T APPLY TO ME!
A: Yes it does! Personal data can be held on clients and customers, just as much as staff.
Q: WHAT IS PERSONAL DATA?
A: There is a very broad definition in the legislation. Below is a list of some of the most common formats held by businesses:
Mobile telephone number
NI Number/Staff number
Date of Birth
Driving Licence number
Expressions of opinion
Q: DO I NEED TO PAY THE FEE TO THE INFORMATION COMMISSIONERS OFFICE?
A: Part of the UK Data Protection legislation is the Fees Regulations. If you process data electronically (any format on any device) you are REQUIRED to pay one of the three Tier Fees. The best thing to do is to check it out with a ‘Specialist’ such as aDaVista.
Q: WHY DO SOME EXPERTS MAINTAIN THAT MANUAL DATA IS STILL NOT INCORPORATED IN THE LEGISLATION?
A: ‘Structured’ manual data has been part of the legislation since 1998. ‘Structured’ means that similar data is captured on individuals and each set of data is recorded in the same way. Now, in 2018, the majority of data is held electronically anyway.
Q: WHAT ABOUT CCTV?
A: A face is an identifiable feature of a person! CCTV records this ‘personal data’, so of course it is included in the legislation. If it is being recorded and stored for prevention or detection of crime purposes a notice that it is in use must be displayed.
Q: BUT SURELY I AM ONLY KEEPING PERSONAL DATA ON MY STAFF IT CANNOT POSSIBLY COVER MY CLIENT BASE DETAILS.
A: Yes it does cover customer information. A Business Card is considered all to be personal data about the individual especially if that person is a sole trader! For example, accounts information is covered because it is a record of a spending pattern.
Q: THIS IS BUREAUCRACY GONE MAD!
A: We at aDaVista believe the exact opposite is true. Now a legal framework exists to be used by individuals and companies to improve decision-making by making as much information available as possible. Obviously, some information needs to be kept confidential to ensure privacy and prevention of harm to the individual, or maintain business competition, but generally speaking, the idea is to level the playing field!
Q: WHY ADOPT THE GDPR AND HAVE A NEW ACT?
A: The Data Protection Act 1998 was based on the 1995 Directive. The GDPR and Data Protection Act 2018 bring the legislation in the UK up-to-date. Also, the new laws bring more formal structure to the rights and freedoms of individuals. They make it easier for us to realise what organisations are doing with our personal information.
Q: WHAT IS THE FREEDOM OF INFORMATION ACT 2000?
A: A piece of legislation permitting access to information held by public authorities – came into force 1st January 2005.
Q: DOES THE FREEDOM OF INFORMATION ACT APPLY TO EVERYONE?
A: No. This Act applies to non-personal data held/processed by Public Authorities.
Q: WHAT IS A “PUBLIC AUTHORITY” IN THE CONTEXT OF FREEDOM OF INFORMATION?
A: Not just Central Government; local government; public services (police etc), but also doctors; dentists; pharmacists and opticians. All in all, over 100,000 in England and Wales.
Q: THE DATA PROTECTION ACT 2018 & GDPR APPLY TO THE WHOLE OF THE UNITED KINGDOM – WHAT ABOUT THE FREEDOM OF INFORMATION ACT 2000?
A: The Freedom of Information Act 2000 only applies to England and Wales. Scotland has its own legislation.
Q: WHO SUPERVISES COMPLIANCE WITH THE FREEDOM OF INFORMATION ACT 2000?
A: The Information Commissioner’s Office (ICO) in England. There is a Scottish Information Commissioner for Scotland’s Act.
Q: IF THE FREEDOM OF INFORMATION ACT APPLIES TO PUBLIC AUTHORITIES, WHAT RELEVANCE IS IT TO PRIVATE ORGANISATIONS?
A: The relevance comes into play where private organisations want to work with Public Authorities – find out everything about an existing contract and who else is bidding.
Q: CAN ANYONE REQUEST ACCESS TO INFORMATION?
Q: IS ACCESS/DISCLOSURE GUARANTEED?
A: No. The public authority can withhold disclosure of information if they believe an exemption applies. It has to put into the response to the Request the exemption which applies. You can contest the application of an exemption.