The UK General Data Protection Regulation (GDPR) is a UK law which came into effect on the 1st January 2021. It sets out the key principles, rights, and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies.
The UK GDPR is based on the EU GDPR, which applied in the UK before the 1st January 2021, with some changes to make it work more effectively in a UK context. The aims of the UK GDPR are to:
- Ensure legislation reflects new technologies.
- Protect and enhance individuals' privacy rights.
- Require greater accountability from organisations with regard to their processing activities.
The Data Protection Act 2018 (DPA18)
The Data Protection Act 2018 (DPA18) is necessary to fill in the gaps where the UK GDPR is silent, to clarify UK law where it is needed, and to deal with circumstances where the GDPR does not apply. The DPA18 sits alongside and complements the UK GDPR.
We are committed to protecting the rights of individuals in line with the UK GDPR and the DPA18 by protecting them from unwanted or harmful use of their personal data (information about them) and by ensuring that we process this information in a responsible and accountable way.
Accountability is a key theme running throughout data protection law. As a Data Controller (the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data) we must show accountability to the law by a) appointing a Data Protection Officer and b) embedding data protection into our operations by implementing internal policies and procedures.
Data Protection Officer
Cardiff Metropolitan University's Data Protection Officer is Mr Sean Weaver. He can be contacted via email at firstname.lastname@example.org.
Cardiff Metropolitan University's Data Protection and Records Management policies are a statement of the University's commitment to comply with data protection law.