Page 32 - PWM2023_April
P. 32
TECHNOLOGY REPORT
The protection racket
T different sources: the UK’s GPDR, which retains the EU
he law on data protection, despite some
General Data Protection Regulation, the Data Protection
thinking that it’s as recent as the General
Act 2018 (DPA) and the Privacy and Electronic
Data Protection Regulation (GDPR) that was
introduced in 2018, actually stretches back
Communications (EC Directive) Regulations 2003
Data protection to the 1970s. Several attempts to introduce (PECR) which gives people specific privacy rights
legislation in the 1960s were unsuccessful,
concerning electronic communications.
issues are rarely far but the 1970s saw the publication of the Younger Report on He notes that a data subject under the DPA and the
from the news. And Privacy in 1972 and the Lindop Report on Data Protection GDPR is defined as “an identified or identifiable living
as the recent ran- in 1978. individual to whom personal data relates”.
The first UK legislation on the subject came in 1984
Of course, just as data is held by someone, so Jessica
someware attack on following government action to comply with a Council of Padget, an associate in the Regulatory and Compliance
Royal Mail in January Europe Convention. This provided for the free movement Team at Walker Morris, says that different obligations
illustrated, not only of personal data between countries that had ratified the apply to a data controller or a data processor – the former
are they publicly Convention with restrictions potentially being placed on shouldering the highest level of compliance
embarrassing, they the movement of data outside that group. The responsibility. Expanding, she says, “a data controller is
can be commercially government of the day was concerned more about the the natural or legal person which determines the
disastrous both for convention’s impact on business than it was privacy. purposes and means of the processing of personal data.
the attacked organi- Firms use data for a number of reasons – to market Processors handle personal data on behalf of, and on the
instructions of, controllers. All organisations will be
themselves, to comply with obligations or monitor staff.
sation and its cus- However, the law places restrictions on corporate controllers of the personal data relating to their
tomers. activities. employees, and any customers or clients that they
Words by service”.
Adam Bernstein The current position Notably, third parties such as payroll providers may act
As James Davies, an employment law solicitor at Cater as processors on behalf of a controller who is their client.
Leydon Millard, comments, UK law is based on several Padget says that the law sets out basic principles which
30 PrintWeek MENA April 2023 www.printweekmena.com
