UK GDPR (DPA 2018)


What is the Data Protection Act 2018 (DPA2018)?

The Data Protection Act 2018 is a UK law that provides a framework for protecting personal data and replaces the 1998 Data Protection Act.

How does the DPA2018 relate to the GDPR?

The DPA2018 implements the General Data Protection Regulation (GDPR) into UK law.

Who does the DPA2018 apply to?

The DPA2018 applies to all organizations and individuals who process personal data in the UK.

What are the key principles of the DPA2018?

The key principles of the DPA2018 are: fairness, lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and accountability.

What is personal data?

Personal data is any information that relates to an identifiable living individual.

What are the rights of individuals under the DPA2018?

Individuals have the right to access their personal data, have inaccuracies corrected, have their data erased, and to object to certain processing activities.

What is a data protection impact assessment (DPIA)?

A DPIA is a process to assess and mitigate the data protection risks of a proposed processing activity.

What are data controllers and data processors?

Under GDPR, the data controller determines the purposes for which and the means by which personal data is processed.

So, if your company/organisation decides ‘why’ and ‘how’ the personal data should be processed, it is the data controller. Employees processing personal data within your organisation do so to fulfil your tasks as data controller.

If your organisation does not determine the 'why' or 'how' of the data processing, it is not a data controller but a data processor.

GDPR defines a data processor as an organisation that processes personal data on behalf of another organisation. A typical processor activity is, for example, offering IT solutions, including cloud storage.

A processor cannot pass the data on to another organisation. It must retain and control it in respect of the GDPR data controller, i.e. the organisation that controls and specifies the use, access, retention and processing of said data.

An organisation can be a data processor, a data controller or both.

What are the penalties for non-compliance with the DPA2018?

Penalties for non-compliance with the DPA2018 can include fines and enforcement action by the Information Commissioner's Office (ICO).
