LO2 Ventures Private
Introduction to GDPR and its relationship with European Union & Britain

Introduction to GDPR and its relationship with European Union & Britain

Privacy in English law is a rapidly developing area. It deals with situations that help an individual has a legal right to privacy of information, this means the protection of private information from misuse or unauthorized disclosure. This type of informational privacy is different from physical privacy. English Common Law has recognized the right of data protection through the doctrine of breach of confidence and a “piecemeal” collection of related legislations on the topic. The English law was first associated by the European Convention on Human Rights through the introduction of Human Rights Act 1998. The Article 8.1 of the ECHR provide an explicit right to respect for a private life. The Convention also requires the judiciary to have regard to the Convention in developing the common law.

The parliament of the United Kingdom enacted a legislation in the year 2018 which secures the right to data privacy another step further. This latest enactment secures all the essential parts of data privacy. The 2018 legislation also discusses the topic of GDPR within its ambit and it also emphasizes on the right to protection of general data. This legislation is comprised of – a) provision about the processing of personal data, b) most processing of personal data is subject to GDPR; c) Part 2 supplements the GDPR (Chapter 2) and applies a broadly equivalent regime to certain types of processing to which the GDPR does not apply (Chapter 3); d) Part 3 makes provision about the processing of personal data by competent authorities for law enforcement purposes and implements the Law Enforcement Directive; e) Part 4 makes provision about the processing of personal data by the intelligence services; f) Part 5 makes provision about the Information Commissioner; g) Part 6 makes provision about the enforcement of the data protection legislation; h) Part 7 makes supplementary provision, including provision about the application of this Act to the Crown and to Parliament.

Definition of GDPR

The General Data Protection Regulation is a set of rules which is meant to uphold the right of data protection and privacy. The European Union had implemented a similar directive in respect of this similar topic in the year 1995. The UK law was previously based on this directive.

The European Union’s legislation is designed to harmonize the various data privacy laws of European nations and it also aims to give greater protection and rights to individuals. Even the entities and organizations have also become legally obliged to protect private information and data privacy of individuals.

After more than four years of discussion, GDPR was adopted by both the European Parliament and the European Council in April 2016. The Regulation on GDPR came into effect on 25th May 2018 after it had been published in the EU Official Journal in May 2016. The two-year preparation period has given businesses and public bodies covered by the regulation to prepare for the changes.



Implementation of GDPR in the United Kingdom

GDPR has its application across the European continent, each member country has the authority to amend the law according to its own requirements. The British Government has enacted Data Protection Act, 2018 to replace the previous act of 1998. The enactment in the year 2018 provided provisions for protections from any sort of criminal allegations against cybersecurity researchers who work to uncover abuses of personal data.

Accountability and Compliance

The enactment in respect of GDPR also imposes a certain set of accountabilities upon organizations who handle personal information. The accountabilities include data protection policies, data protection impact assessments and having relevant documents on how data is processed. GDPR rules aim to protect data from any sort of destruction, loss, alteration, unauthorized disclosure of and access to data. The term data includes financial loss, confidentiality breaches, damage to reputation and more, the same is not limited to this information only, it extends beyond the perimeter of this criteria. According to the GDPR regulation people’s data must be reported to a country's data protection regulator where it could have a detrimental impact on those who it is about. The Information Commissioner’s Office has to be informed within 72 hours from the time of finding out by an organization about the occurrence of such breach, the breach of data concerning individuals will also have to be informed about such breach.

The organizations who has more than 250 employees, they are legally obliged to record the documentation as to why people’s information is being collected and processed, description of information is also kept, for how long it is being kept and the security measures that is put in place for the protection of such information.

Organizations are legally obliged to monitor the sensitive personal data of individuals on a regular and systematic pattern. These organizations employ a Data Protection Officer (DPO). The business organizations are also required to obtain consent from persons whose data and information are collected and processed, thus data protection has become a significant issue which is being taken care of by special attention.

Right of Individuals

An individual is entitled to a great amount of power to protect personal information from unauthorized disclosure. An individual can protect information about himself/herself and he/she can prohibit any third party or organization to access to personal information about the individual.

An individual is empowered by Subject Access Request (SAR) and he/she can ask a company or organization to provide data about him/her at free of cost under the GDPR rules. The GDPR rules in respect of SAR empowers individuals to obtain confirmation from organizations that the organizations are possessing data and supplementary information about them.

The GDPR regulations also bolsters individuals’ right regarding automated processing of data. The Information Commissioner’s Office has issued a statement which confirms that individuals are privy to their rights of being not subject to any automatic decision which can produce a detrimental effect on such individuals. GDPR rules also states that individuals must be provided a rational clarification regarding any information which is formulated about them, but the rules also refer to certain exceptions under which such right cannot be exercised by individuals. The individuals are also protected by the GDPR rules and regulations in respect of their power to erase data in selective circumstances if the purpose of data collection is already satisfied, legitimate interest for data collection is unfound or the consent for data collection is revoked.

Punishment for Breach of GDPR Provisions

The GDPR provisions state that any breach in respect of data or information by any organization will have to be compensated by payment of monetary penalties. In the United Kingdom, the amount of such penalty could be as high as € 20 million or four percent of a firm’s total annual revenue considering the seriousness of the breach. This type of an attitude exhibited by the authorities are quite helpful to the idea of data security.


Britain will continue under section 3 of the European Union (Withdrawal) Act 2018 with GDPR as it will be directly incorporated into Britain’s domestic law. Britain’s data protection law is almost identical with that of the European Union, therefore after Brexit there will be no significant changes in the enactments and the interests of individuals regarding data protection will be complying with the legal provisions.

The changes that will emerge is in respect of data transfer, because organizations that have transferred data between European Economic Area and Britain in case Britain does not leave on a friendly term in respect of GDPR. Britain has assured that no such discrepancy will occur.


General Data Protection Regulation has been an enactment which is a phenomenon in respect of data security and individuals' rights regarding the protection of the same. Member nations of European Union have pledged to protect individual’s data and the guaranty to individuals in respect of their right for such protection have created a healthy environment for data movement.

Britain’s complying with this idea and legislation to that effect has confirmed the concept of individuals’ right for information security and the privilege associated with such right is also a welcome measure for today’s democratic world which values individuals’ dignity.

Did you find this write up useful? YES 0 NO 0

C2RMTo Know More

Something Awesome Is In The Work









Sign-up and we will notify you of our launch.
We’ll also give some discount for your effort :)

* We won’t use your email for spam, just to notify you of our launch.

SAARTHTo Know More

Launching Soon : SAARTH, your complete client, case, practise & document management SAAS application with direct client chat feature.

If you want to know more give us a Call at :+91 98109 29455 or Mail info@soolegal.com