Data Protection and GDPR

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. This was enacted in UK law by the Data Protection Act (DPA) 2018 and replaces the Data Protection Act 1998. As of January 1 2021 all references to GDPR now refer to UK GDPR.

There are several major changes caused by this change. These include:

• individuals must be provided with more information when collecting their personal information
• there are new regulations surrounding gaining consent. Both consent and explicit consent now require clear affirmative action. In other words, options must be opt in not opt out
• data that has been used to complete its original purpose must be deleted. It cannot be reused for different circumstances unless the new purpose complies with the old one
• individuals can revoke their consent to data processing at any time. It must be easy for them to do so
• the data controller (in this case, ourselves) now has 72 hours to notify data breaches to the Information Commissioners Office (ICO). This is unless the breach is unlikely to result in a risk to data subjects. The ICO acts as the regulatory body for the United Kingdom
• there is a single national office for complaints. This is the ICO
• large data controllers (including ourselves) must appoint a Data Protection Officer. The Data Protection Officer for Fenland District Council can be contacted at Amybrown@fenland.gov.uk. 
• if we don't comply with GDPR we could face a fine of up to $20,000,000 or 4% of our global annual turnover for the preceding financial year

We have policies in place to deal with your data fairly and security. 

The UK left the European Union on 31 January and adopted the General Data Protection Regulation as the UK General Data Protection Regulation.