Are you ready for the applied GDPR?

Abstract

There have been several large developments within the practice of data protection over the last year, all of which culminate in 2018, the ‘data big bang’ year. This paper aims to assist data practitioners in navigating the fast-moving field of data privacy protection and will also look at the only legally binding instruments in the world in the field of the protection of personal data which, because of their open nature, had a universal scope. It will also look at the implementation of the Applied General Data Protection (and other) Regulations, which will shape the direction and future of data privacy protection not just in the UK, but globally. All data practitioners must be aware that new technologies bring with them their own unique challenges for data privacy, processing as well as compliance. Add this to the impending legislation changes with additional data subject rights, then 2018 will be exceptionally busy for the data privacy practitioner. As Moreland described, making conclusions from the Data Protection Act 1998 (DPA) was like ‘weaving his way through a thicket’ (Campbell v MGN ltd (HL) [2004] UKHL 22; [2004] 2 AC 457; [2004] 2 WLR 1232; [2004] EMLR 247); Lord Philipps at the Court of Appeal agreed and added: ‘the Act is certainly a cumbersome and inelegant piece of legislation’. Once you read the Data Protection Act 18 (DPA18) along with the applied General Data Protection Regulation (GDPR), then ‘thicket’ becomes a ‘forest’. With this in mind, it is hard to understand why the Digital Culture Media and Sport (DCMS) has not released a copy of the ‘applied GDPR’ with the changes implemented by the government in the DPA18. For an unofficial copy of the ‘applied GDPR’, please contact GODPO.