QUESTION: THIS YEAR MARKS THE 25TH ANNIVERSARY OF DATA PROTECTION REGULATION IN THE UK. DOES THE FACT THAT SUCH LEGISLATION EXISTS MEAN THAT STANDARDS DO NOT HAVE A BIG ROLE TO PLAY IN THE DATA PROTECTION PUZZLE?

摘要

First of all, the fact that there is legislation in place does not mean standards do not have a role to play. Quite the contrary: in many cases, standards offer a framework for businesses to better prepare and comply with legislation. For example, vast amounts of personal information are handled by organizations of all sizes, across - and between - the public and private sector. Such information must be treated with the highest possible standard of care - not just because of the manifold business benefits of ensuring that personal data is collected, stored and shared appropriately, but also because there is a legal requirement to do so, such as under the UK 1998 Data Protection Act (DPA).