Information governance (IG), is the overall strategy for information at an organisation. Information governance balances the risk that information presents with the value that information provides. Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery. An organisation can establish a consistent and logical framework for employees to handle data through their information governance policies and procedures. These policies guide proper behaviour regarding how organisations and their employees handle electronically stored information (ESI).

Data Protection Act 2018

The Data Protection Act 2018 (c. 12) is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union’s General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

The Data Protection Act 2018 achieved Royal Assent on 23 May 2018. It applies the EU’s GDPR standards. Whereas the GDPR gives member states limited opportunities to make provisions for how it applies in their country, one element of the DPA 2018 is the details of these, applying as the national law. The DPA 2018 is however not limited to the UK GDPR provisions.

The Act has seven parts. These are outlined in Section 1:
  1. This Act makes provision about the processing of personal data.
  2. Most processing of personal data is subject to GDPR.
  3. Part 2 supplements the GDPR (see Chapter 2) and applies a broadly equivalent regime to certain types of processing to which the GDPR does not apply (see Chapter 3).
  4. Part 3 makes provision about the processing of personal data by competent authorities for law enforcement purposes and implements the Law Enforcement Directive.
  5. Part 4 makes provision about the processing of personal data by the intelligence services.
  6. Part 5 makes provision about the Information Commissioner.
  7. Part 6 makes provision about the enforcement of the data protection legislation.
  8. Part 7 makes supplementary provision, including provision about the application of this Act to the Crown and to Parliament.

GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of individuals inside the EEA.