Get GDPR wise:
Understanding Data Protection Law

Get GDPR wise

Did you know that UK GDPR law has changed?

With the many other issues that the country has faced over the past year, this may be a fact that has been missed by UK businesses. However, staying on top of GDPR regulations is vital if you are to avoid facing hefty fines.

Following the UK’s exit from the EU, there have been a number of changes to GDPR legislation.

What is GDPR?

The General Data Protection Regulation (“GDPR”) is a comprehensive set of rules and legislations, designed to protect the rights and freedoms of UK citizens. It applies to the handling of personal data throughout all areas of your business. Under GDPR law, personal data can only be collected under strict conditions for legitimate purposes only. Those who collect and manage personal information must protect it from misuse and must respect data protection law.

Since leaving the EU on January 1st, 2021, the UK is no longer under the EU’s GDPR jurisdiction. However, the UK has now passed its own UK GDPR regulations to sit alongside the older Data Protection Act of 2018, an update referred to as the ‘Data Protection, Privacy and Electronic Communication’. In the most part, the key principles remain unchanged, however there are a number of new rules and amendments to the existing legislation. These updates will affect any transfers of personal data between the UK and EEA (European Economic Area) as well as any website or company in the world that the personal data of individuals located inside the UK, are bound to comply with the UK-GDPR.

It’s important to note, that the Republic of Ireland should continue to follow EU-GDPR law.

So, what are the differences between the two legislations?

Differences between EU-GDPR and the new UK GDPR rules

• The Legal age for child consent. Under the UK GDPR, the consent to process personal data from a minor is valid if they are at least 13 years old. This differs from EU GDPR, where they need to be at least 16 years old.

• Automated Profiling. UK GDPR allows you to carry out automated profiling in cases where there is a legitimate justification for it. This is not the case when it comes to EU GDPR, since the Union’s data privacy legislation gives users the right to reject automated decision-making or profiling.

• Public Interest. If you must process a user’s personal data for reasons of public interest, UK GDPR is lenient in comparison to EU GDPR.

• Criminal Data. Under the EU GDPR, the processing of personal data needs to meet data protection compliance requirements. The same does not apply to processors of criminal data under the UK GDPR.

Data Breach Fines

There have already been 880 fines issued so far in 2021 in the EU, and the rough amount of all GDPR fines totalled over €1,29 billion. was issued the biggest fine ever by the Luxemburg National Commission Data in July 2021 of €746 Million, whilst Swedish conglomerate H&M received a €35.25 million fine after a technical error allowed everyone in the company to see the data on the network drive for just a few hours.*

These penalties can often occur from simple mistakes that can easily be avoided. But what can you do to prevent these breaches? Now is the time to align your existing GDPR policies with the new requirements and familiarise yourself with ongoing changes. To help simplify this topic, we have put together 6 key principles to follow within any data protection strategy.

6 Principles of Data Protection:

Data shall be:

1. Processed lawfully, fairly and in a transparent way.

2. Collected for specified, explicit and legitimate purposes and not be subsequently processed in a way that opposes those initial purposes.

3. Adequate, relevant, and limited to what is necessary.

4. Accurate and up to date; inaccuracies should be processed, erased, or rectified without delay.

5. Storage limitation – Kept for no longer than is necessary.

6. Processed securely

What quick changes can you make to secure your workplace?

We have teamed up with Fellowes to provide a range of privacy filters, high quality shredders and archive boxes so you can initiate change quickly.


• Privacy filters reduce the risk of personal data being compromised by third parties.
• Privacy filters are a low-cost solution to mitigate the risk to data protection rights and freedoms being breached
• The proper use of devices, especially when on the move, should show an auditor that an organisation is competent and make it easier to demonstrate compliance.


• Fellowes shredders securely destroy paper documents ensuring that hard copy data which is no longer required cannot be read anymore.
• If you know a record is inaccurate, securely shred it to minimise the risk of further inaccuracies, mistakes, or negative consequences for the person it relates to.


• Our records management boxes enable you to deposit your confidential documents away into secure storage, and to securely transport documents between locations.
• Fellowes Bankers Box® include a clear labelling system enabling a company to find the information more quickly and more efficiently.

GDPR legislation can feel overwhelming, but simple steps can be taken that will secure the data your business holds, and ensure you remain compliant and risk free.

For more advice, support and GDPR solutions; click here.

If you enjoyed learning about GDPR in more detail, be sure to follow us on our social media by clicking below to be the first to hear about our latest news and blog posts.