The Data Protection Act (DPA) is a law designed to protect personal data stored on computers or in an organised paper filing system. For the GCSE ICT exam, you need to know about the 1998 Act.
The General Data Protection Regulation (GDPR) is a new regulation that pertains to the uniform handling of data protection and privacy for all individuals throughout Europe, as well as the export of personal data outside Europe. The regulation takes effect on 25 May 2018.
Personal Information
A website that is online cannot be created without personal data. An IP address, one example of a personal identifier, is an integral part of being able to access online information. Further personal identifiers, such as cookies and user IDs, are also commonly used.
Therefore, as soon as a website that is online is accessed, personal data is processed, and the General Data Protection Regulation (GDPR) must be followed.
Data Protection on the Internet
The protection of personal data is of utmost importance for the General Data Protection Regulation (GDPR). Personal data includes, for example, first names, last names, email addresses, addresses, telephone numbers, birthdays, bank accounts, user names, passwords, cookies, comments (which include an email address), contact form entries, newsletter registrations with specification of an email address, social media plug-ins and analysis tools such as Google Analytics or Matomo.
In short, almost all websites are affected by the General Data Protection Regulation (GDPR).
In May 2016, the EU’s General Data Protection Regulation came into force with a transitional period of two years – and on 25 May 2018, it will fully come into play. From this date onwards, it will be the official data protection act in all EU states, and one which is superior to national legislation. This means no more transition periods. When the regulation comes into effect on 25 May 2018, all companies and public authorities working with personal data will be required, without delay, to implement the EU’s new provisions on data protection.
Your own website fails GDPR compliance completely. You have no privacy policy, you don’t obtain consent for cookies (some of which persist for two years) and you give no company registration information on your website – in breach of the Companies Act 2007.