Data protection essentials

Data protection laws in both the UK and EEA (the EU plus Iceland, Norway, and Liechtenstein) are intended to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly.

To help ensure that, both the UK and data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing) and grant rights to those whose personal data is processed (the ‘data subjects’). In summary, ‘processing’ includes doing almost anything with personal data, including storing, sharing, deleting or using it.

UK data protection law is largely derived from EEA data protection laws and is therefore generally based on similar principles, although there are some detailed differences.

This subtopic provides certain core resources commonly required by commercial lawyers when addressing UK and EEA data protection laws under:

•
the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime, which applies under the laws of

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest TMT News

TMT weekly highlights—21 November 2024

Welcome to this week’s edition of the TMT weekly highlights: a hand-picked summary of news analysis, updates and new content from across the technology, media and telecoms sectors. These highlights focus on key topics including new technologies, software, cloud computing, internet, outsourcing, music, film & television, publishing, defamation and telecoms.

ASA rulings—20 November 2024

The Advertising Standards Authority (ASA) has upheld a ruling on two paid-for Google ads for The Pure Gold Company, a gold and silver retail dealer. The ads were identified through the ASA's proactive monitoring as part of its wider work on unregulated investments. The ASA found the ads were misleading as they failed to illustrate the risks of gold investments. The ASA upheld the complaint.

DSIT outlines new online safety priorities for Ofcom implementation

The Department for Science, Innovation and Technology (DSIT) has published a Statement of Strategic Priorities (SSP) for Ofcom, the online safety regulator, as it prepares to enforce the Online Safety Act from Spring 2025. The SSP focuses on embedding safety by design, increasing platform transparency, and creating a resilient digital world. DSIT has also launched a study to explore the effects of social media on children's wellbeing, aiming to strengthen the evidence base for future policy decisions. The government has committed to refining the Act's implementation based on Ofcom's reports and input from online safety experts and campaigners.

UK payments regulator sees competitiveness objective introduced via the backdoor

MLex: Until now, the UK's payments regulator has avoided the additional scrutiny that a competitiveness and growth remit brings with it. Following a letter from the finance minister to the Payment Systems Regulator (PSR) on 14 November 2024, that appears to have changed. In executing its functions, the PSR must now have regard to the government's growth and competitiveness strategy. That is likely to prove a flashpoint for the fintech sector, which has been irked by the PSR over its handling of fraud reimbursement rules.