Get GDPR wise:
Understanding Data Protection Law

November 8, 2021

Stack of GDPR Paperwork

Get GDPR wise

Did you know that UK GDPR law has changed?
With the many other issues that the country has faced over the past year, this may be a fact that has
been missed by UK businesses. However, staying on top of GDPR regulations is vital if you are to
avoid facing hefty fines.
Following the UK’s exit from the EU, there have been a number of changes to GDPR legislation.



What is GDPR?

The General Data Protection Regulation (“GDPR”) is a comprehensive set of rules and legislations,
designed to protect the rights and freedoms of UK citizens. It applies to the handling of personal
data throughout all areas of your business. Under GDPR law, personal data can only be collected
under strict conditions for legitimate purposes only. Those who collect and manage personal
information must protect it from misuse and must respect data protection law.
Since leaving the EU on January 1st, 2021, the UK is no longer under the EU’s GDPR jurisdiction.
However, the UK has now passed its own UK GDPR regulations to sit alongside the older Data
Protection Act of 2018, an update referred to as the ‘Data Protection, Privacy and Electronic
Communication’. In the most part, the key principles remain unchanged, however there are a
number of new rules and amendments to the existing legislation. These updates will affect any
transfers of personal data between the UK and EEA (European Economic Area) as well as any
website or company in the world that the personal data of individuals located inside the UK, are
bound to comply with the UK-GDPR.
It’s important to note, that the Republic of Ireland should continue to follow EU-GDPR law.
So, what are the differences between the two legislations?
We explore the key points below…

Differences between EU-GDPR and the new UK GDPR rules

• The Legal age for child consent. Under the UK GDPR, the consent to process personal data
from a minor is valid if they are at least 13 years old. This differs from EU GDPR, where they
need to be at least 16 years old.
• Automated Profiling. UK GDPR allows you to carry out automated profiling in cases where
there is a legitimate justification for it. This is not the case when it comes to EU GDPR, since
the Union’s data privacy legislation gives users the right to reject automated decision-making or profiling.
• Public Interest. If you must process a user’s personal data for reasons of public interest, UK
GDPR is lenient in comparison to EU GDPR.
• Criminal Data. Under the EU GDPR, the processing of personal data needs to meet data
protection compliance requirements. The same does not apply to processors of criminal
data under the UK GDPR.

Data Breach Fines

There have already been 880 fines issued so far in 2021 in the EU, and the rough
amount of all GDPR fines totalled over €1,29 billion. was issued the biggest fine ever by
the Luxemburg National Commission Data in July 2021 of €746 Million, whilst Swedish conglomerate
H&M received a €35.25 million fine after a technical error allowed everyone in the company to see
the data on the network drive for just a few hours.*
These penalties can often occur from simple mistakes that can easily be avoided. But what can you
do to prevent these breaches? Now is the time to align your existing GDPR policies with the new
requirements and familiarise yourself with ongoing changes. To help simplify this topic, we have put
together 6 key principles to follow within any data protection strategy.


6 Principles of Data Protection:

Data shall be:
1. Processed lawfully, fairly and in a transparent way.
2. Collected for specified, explicit and legitimate purposes and not be subsequently processed in a
way that opposes those initial purposes.
3. Adequate, relevant, and limited to what is necessary.
4. Accurate and up to date; inaccuracies should be processed, erased, or rectified without delay.
5. Storage limitation – Kept for no longer than is necessary.
6. Processed securely

What quick changes can you make to secure your workplace?

We have teamed up with Fellowes to provide a range of privacy filters, high quality shredders and
archive boxes so you can initiate change quickly.
Woman installing privacy screen with text overlayed Protect

• Privacy filters reduce the risk of personal data being compromised by third parties.
• Privacy filters are a low-cost solution to mitigate the risk to data protection rights and
freedoms being breached
• The proper use of devices, especially when on the move, should show an auditor that an organisation is competent and make it easier to demonstrate compliance.


Fellowes shredder with the text overlay
• Fellowes shredders securely destroy paper documents ensuring that hard copy data which is
no longer required cannot be read anymore.
• If you know a record is inaccurate, securely shred it to minimise the risk of further
inaccuracies, mistakes, or negative consequences for the person it relates to.
Person carrying boxes with the overlay text Store
• Our records management boxes enable you to deposit your confidential documents away
into secure storage, and to securely transport documents between locations.
• Fellowes Bankers Box® include a clear labelling system enabling a company to find the
information more quickly and more efficiently.
GDPR legislation can feel overwhelming, but simple steps can be taken that will secure the data your
business holds, and ensure you remain compliant and risk free.

For more advice, support and GDPR solutions; click here.

If you enjoyed learning about GDPR in more detail, be sure to follow us on our social media by clicking below to be the first to hear about our latest news and blog posts.

You May Also Like…

Lyreco’s Green Friday

Lyreco’s Green Friday

  This year, we're celebrating Green Friday!   Originally starting as just a one-day event marking the start of...

read more