Data Protection Act and GDPR Introduction

Dear all,

People often ask, what is the difference between the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR)? First of all they are the result of a combined effort by the UK and EU to harmonise and strengthen data protection laws, the difference between them is that the GDPR was implemented by the European Union, the DPA was implemented by the UK Government, overseen and enforced by its policing arm, the ICO. The Data Protection Act supplements the GDPR at part two and also looks to add to it at chapter 3, which is other general processing which applies outside of the EU.

In all, the DPA 2018 is the GDPR. We can be prosecuted under either regulation.

What this means for the UK, in a post BREXIT world is that the GDPR, is built into the Data Protection Act and will be utilised by the UK Government as we make the BREXIT transition.

"The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR)" - and that's from the Government.

What we need to focus on is the protection of personal data within our companies, businesses, institutes and in day to day life. The DPA applies to just about everyone and it pushes us to become more self aware in this digital age. That doesn't mean that paper records aren't important, it means that information, no matter in what form is to be respected, secured and securely disposed off come the time.

Security and protection of personal data

We'll talk about controllers and processing another time, for now we should remain fixed on the fact that processing (for example writing down, processing, storage of) information is based on either consent or another specified (and legal) basis. For to process data without either one, is unlawful - and that's where the trouble starts.

We should also remember that the data subject, i.e. us people, have a right to enquire about the processing of our data and a right to have the data rectified if inaccurate. It's important to keep data up to date in some cases, like moving home, otherwise our correspondence may not get to us in some circumstances and that can and does lead to data theft and loss.

The ICO (Information Commissioner's Office) is the arm of the UK Government that looks to act and enforce data protection law, by promoting and helping security and taking into account the needs of people (data subjects) and the public in general. Its commissioner, answers to the UK Government.

Next time we'll talk about data protection terms.

Thanks for reading...

Regards

Steven