Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. News and events
  3. Blogs & opinions
  4. Data protection law set to tighten

Data protection law set to tighten

27th June 2017 | human rights , information technology

UK data protection law will change on 25 May 2018 when the EU’s General Data Protection Regulation comes into force. The UK’s Information Commissioner (ICO) has described the change as the “biggest change to data protection law for a generation”. The GDPR will replace the Data Protection Act 1998 (DPA).

To prepare for the regime change, organisations should consider what personal data (PD) they hold on individuals, where it comes from, and who it is shared with. At present, bodies collecting PD should issue privacy notices identifying who they are, and how they use PD. In future, they will need to set out their legal right to process the data, how long they keep it for, and how individuals can complain to the ICO if they think the law has been breached.

The GDPR also gives people a new right to data portability, which could drive competition between cloud-hosting organisations which store photos, music, and files.

At present, organisations have 40 days to respond to a subject access request, and can charge £10. From next May, the right to make a charge is eliminated, and the 40 days are reduced to one month.

The GDPR reinforces the need to obtain positive consent for data collection, and introduces new protection for people under the age of 16.

It also extends the duty to report certain personal data breaches to the ICO, and in some cases to potentially affected individuals. Mandatory reports are required if the breach could lead to discrimination, financial loss, or loss of confidentiality. Organisations should put in place procedures to detect, report and investigate breaches.

 

 

Add To Favorites
Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited