GDPR, DPA it’s all about the data


In all the GDPR headlines, it may have escaped the notice of some that the UK got its own updated Data Protection Act 2018 (DPA).

Author: Nona Bowkis
Reading time: 1 minute

This article is 3 years old.

Read our disclaimer keyboard_arrow_down

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

As predicted, we are all still alive and kicking despite some of the horror scaremongering by some quarters in the lead up to GDPR.

In all the GDPR headlines, it may have escaped the notice of some that the UK got its own updated Data Protection Act 2018 (DPA), also implemented in May.

The new DPA pretty much reflects what was in the European GDPR and updates its predecessor the Data Protection Act 1998.

However, one new feature is the criminalisation of altering data records in response to a Subject Access Request. An individual is entitled to ask for a copy of the data you hold about them and under the new laws, you must supply this within 30 days without charge. If you find yourself in the sticky position of holding information that may drop you in it in some way, it is now a criminal offence to alter that data under Section 173 of the DPA. To avoid potentially finding yourself in the Magistrates Court over this, do take care as to the information you keep and record about people and always consider if it is necessary and appropriate.  

Nona Bowkis

Legal Advisor

Read more by this author

Getting in touch

You can contact us via the form or you can call us on 01480 455500.