ellesmere port catholic high school
Ellesmere Port,
The UK General Data Protection Regulation (UK GDPR) is part of the data
protection landscape that includes the Data Protection Act 2018 (the DPA 2018).
The UK GDPR sets out requirements for how organisations need to handle personal
data. What information does the UK GDPR apply to? The UK GDPR applies to
‘personal data’, which means any information relating to an identifiable person
who can be directly or indirectly identified in particular by reference to an
identifier. What are the rules on security under the UK GDPR? The UK GDPR
requires personal data to be processed in a manner that ensures its security.
This includes protection against unauthorised or unlawful processing and against
accidental loss, destruction or damage. It requires that appropriate technical
or organisational measures are used. The Data Protection Act UK GDPR Everyone
responsible for using personal data has to follow strict rules called ‘data
protection principles’. They must make sure the information is: used fairly,
lawfully and transparently used for specified, explicit purposes used in a way
that is adequate, relevant and limited to only what is necessary accurate and,
where necessary, kept up to date kept for no longer than is necessary handled in
a way that ensures appropriate security, including protection against unlawful
or unauthorised processing, access, loss, destruction or damage There is
stronger legal protection for more sensitive information, such as: race ethnic
background political opinions religious beliefs trade union membership genetics
biometrics (where used for identification) health sex life or orientation There
are separate safeguards for personal data relating to criminal convictions and
offences. Your rights Under the Data Protection Act 2018, you have the right to
find out what information the government and other organisations store about
you. These include the right to: be informed about how your data is being used
access personal data have incorrect data updated have data erased stop or
restrict the processing of your data data portability (allowing you to get and
reuse your data for different services) object to how your data is processed in
certain circumstances You also have rights when an organisation is using your
personal data for: automated decision-making processes (without human
involvement) profiling, for example to predict your behaviour or interests