August

The current criminal records check system, which is used by employers when hiring for certain roles, disproportionately damages the chances of those with minor offences, according to a case currently being heard by the country's top court.

The government is appealing a May 2017 Court of Appeal decision, which held that Disclosure and Barring Service (DBS) checks for individuals with multiple convictions and certain specified offences were contradictory to people's right to private and family life under article 8 of the European Convention of Human Rights.

Following a 2013 Court of Appeal decision, the government introduced a filter which meant single convictions for certain offences for which the person was not given a custodial sentence would not be revealed to employers, provided the conviction was spent. However, this filter does not apply to people with more than one conviction, regardless of the nature of the crimes.

Judgment is expected to be reserved, meaning it will be delivered at some point in the future, rather than straight after the hearing.

While both the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) are similar in nature, the DPA 2018 covers areas that are not covered by the GDPR and deals with "the processing of personal data by certain authorities for law enforcement purposes by bringing the Police and Criminal Justice Directive (Law Enforcement Directive or LED) into UK law".

It also applies an updated form of the GDPR to processing that is outside both the LED and GDPR and aims to ensure that the UK would be able to exchange freely data with the European Union after Brexit. Five features of the DPA 2018 are different than the 1998 regulations. These include: An increased consent requirement, the right to erasure, children's data, the right to data portability and automated decision-making and profiling".

GDPR gives EU citizens significant rights concerning how personal data is collected, processed, and transferred by data controllers and processors.

Yet, there's a difference in how the EU and U.S. view "personal data". For example, "personally identifiable information" is a term commonly used in the U.S. and includes information used to distinguish someone's identity. This broad definition has far reaching implications for all U.S. organizations to comply with the GDPR because of the increase in the scope of data with the definition of "personal data".

Determining whether GDPR applies can be analyzed by knowing if the U.S. organization has an established presence in the EU, if the U.S. organization processes personal data of data subjects in the EU by offering subjects goods or services, and if the organization processes personal data in the EU by monitoring behavior. If any apply, then U.S. organizations are compelled to comply.