In May next year the Data Protection Act (DPA) will be replaced by the EU’s General Data Protection Regulation (GDPR), a framework with greater scope. There will also be much tougher punishments for those who fail to comply with new Rules around the storage and handling of personal data.  While this new framework comes into place as the UK enters the process of uncoupling from the EU, the Great Repeal Act means it is likely to be converted into British law.  The DPA dates from the 1990s; a time when only the largest Companies had the means to collect and store significant amounts of data.

In the intervening years, the ease and sophistication of data collection means that thousands of small and medium enterprises not only collected personal details, but store, more and access them on line.  Personal data is used in everything from sales to customer relationship management to marketing. 

The new Regulation has been of great concern, people are not aware that it does not affect business to business (B to B) direct mailing and e-mailing but parties are advised to be careful and proceed with caution.  Current DPA, however, still applies to protection of personal data, as will the new GDPR.