SW03250 - Information Security: Data Protection Act

The General Data Protection Regulations came into effect in 2018 and GDPR is embodied in UK law by virtue of the Data Protection Act 2018, which replaced earlier legislation.

The purpose of the legislation is to protect the privacy of individuals and ensure that their data held by HMRC is accurate, proportionate, secure, used properly and disposed when no longer required. It applies to manual e.g. paper records as well as those digital data.

The DPA applies to personal data in respect of living individuals i.e. data about identifiable living persons. Anyone using or managing personal data must ensure that the data is handled in accordance with the data protection principles and other requirements embodied in the DPA.

All personal data information held within Shared Workspace is covered by the DPA.

HMRC Business Authorising Officers are responsible for ensuring that their rooms, the data within and its use complies with the DPA.

Information about the DPA and how HMRC manages its responsibilities can be found at the Office of the Data Protection Officer (oDPO) intranet site.

If you have questions about DPA your Security & Information Partner will be able to be able to provide advice and should be approached initially for guidance