Data Protection Act 2018
The seven principles of the Data Protection Act 2018 (together with the UK GDPR) are lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. Companies comply with these principles by doing things like not collecting or storing data they do not need, keeping data only for as long as it is necessary, not sharing data with third parties without a lawful basis such as the individual's consent, and taking responsibility if there is a data leak.
Some of the consequences of not complying with the Data Protection Act are a fine of up to £17.5 million or 4% of annual worldwide turnover (whichever is higher), reputational damage, and having to compensate those who were affected by the breach.
There are two tiers of penalties for not complying with the DPA. The higher maximum is a fine of up to £17.5 million or 4% of annual worldwide turnover, whichever is higher, and applies to the more serious infringements, such as breaching the data protection principles, unlawfully selling personal data, and not processing data lawfully. The standard maximum is a fine of up to £8.7 million or 2% of annual worldwide turnover, whichever is higher, and applies to violations such as failing to keep proper records, not notifying the regulator or affected individuals in the event of a data breach, and not having appropriate technical and organisational measures in place to securely protect the data that you hold.
Under the DPA, any living individual who can be identified, directly or indirectly, from the data held about them is a data subject. Data subjects' rights include the right to erasure (to have their data deleted, in certain circumstances) and the right to data portability.
Regarding marketing, businesses must not misuse the personal data they hold about people, and must not share it with advertisers without the individual's consent.
GDPR core principles
Lawfulness, fairness and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
ECHR (European Convention on Human Rights) - Article 8 of the ECHR protects the right to respect for your private life, family life, home and correspondence. The expectation under the ECHR is that your private life is respected and not interfered with by a business or organisation. The convention is enforced by the European Court of Human Rights (ECtHR).
Electronic Communications Privacy Act 1986 (USA) - protects wire, oral and electronic communications from unauthorised access, interception and disclosure. It regulates how law enforcement, the government and private entities can access electronic communications.
Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act 2003 (USA) - a set of rules for commercial email that aims to protect consumers from spam and misleading email marketing while allowing businesses to use email responsibly. For example, the "From" and "To" header information must accurately identify who sent the email and who it is addressed to, and the subject line must reflect the actual content of the email.