Sky high thinkers

Welcome to the Libryo blog
close

Categories

Subscribe to Email Updates

Popular Stories

Is it EHS, SHE, HSE, HSSE, SHEQ or OHS and what’s the difference? Mar 26, 2021
ISO 9001:2015 Legal Requirements - Why it's critical to drop manual approaches Jul 28, 2017
What is a Legal Register? Jan 13, 2017
What is sustainability governance? Sep 02, 2020
Why regulation monitoring and having accurately updated legislation is important Jan 20, 2017
Categories | Subscribe | Populars
Welcome to Libryo’s Sky high thinkers blog, where thoughts on legaltech, sustainability, law, compliance and technology converge. Filter by topic or popular reads and share your thoughts with us and others. If you have a topic that you’d like to see covered, drop us an email: info@libryo.com

Stay in the know by receiving monthly email updates directly into your inbox.

GDPR is one of many relevant data protection laws - know the others

Written by Garth Watson
on March 29, 2018

Because there has been so much hype around GDPR, many people think that it is the be all and end all of data protection regulation. It is not.

There are many statutory instruments (e.g. Acts of parliament and regulations) that apply to companies' handling of personal data, other than GDPR.

 

Find the needles in the data-protection regulation haystack

To illustrate this point, I've used the UK as an example, and I've included a list below which is a sample of regulations taken from a stack of statutory instruments which apply to a UK company's handling of personal data. Although this is a list of UK and EU statutes, for companies operating in other countries, the same principle holds true - namely that there are many regulations dealing with the handling of personal data other than GDPR.

That all of these statutory instruments regulate a company's use of data is a bit counter-intuitive because the names of the regulations often don't include the phrase: "data-protection". Nevertheless, each of these statutory instruments include at least one provision which apply to the domain of data:

(Note this is not a full list. I've deliberately omitted certain statutes relevant to the data protection domain. The point is to show us all that there's more to data protection regulation than GDPR!)

  1. Civil Contingencies Act, 2004
  2. Companies Act 2006
  3. The Companies (Trading Disclosures) Regulations 2008
  4. Computer Misuse Act 1990
  5. Copyright, Designs and Patents Act, 1988
  6. Copyright (Computer Programs) Regulations, 1992
  7. Defamation Act, 2013
  8. Electronic Communications Act, 2000
  9. Equality Act, 2010
  10. European Communities Act 1972
  11. Alternative Dispute Resolution for Consumer Disputes (Competent Authorities and Information) Regulations, 542 of 2015
  12. Business Protection from Misleading Marketing Regulations 2008
  13. Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013
  14. Consumer Protection (Distance Selling) Regulations, 2003
  15. Consumer Protection From Unfair Trading Regulations, 2008
  16. Copyright (Computer Programs) Regulations, 1992
  17. Electronic Commerce (EC Directive) Regulations, 2002
  18. Electronic Identification and Trust Services for Electronic Transactions Regulations, 2016
  19. The Provision of Services Regulation, 2009
  20. The Intellectual Property (Enforcement, etc.) Regulations 2006
  21. The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
  22. The Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018
  23. Public Order Act, 1986
  24. Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I)
  25. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  26. Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)
  27. Terrorism Act, 2000
  28. The Companies (Trading Disclosures) Regulations 2008
  29. The Intellectual Property (Enforcement, etc.) Regulations 2006
  30. Trade Marks Act 1994

Now you know.

 

Towards knowing simply, what data protection regulation requires

You may think "I wish the law was better organised and that there were fewer regulations to keep track of!" Indeed, part of the problem with regulation is that it is terribly organised. Fortunately, however, legal technology is being put to work to simplify the complicated organisation of regulatory texts. Using legal technology, it is possible to filter out the provisions of the above data-protection regulations which do not apply to your company. This filtering, combined with the use of smart meta-data, enables anyone, in any organisation to experience freedom in knowing what data protection regulations require of them, without having to sift through reams of complicated and irrelevant regulatory texts! Freedom in complexity is possible.

 

LEARN MORE