How does the Data Protection Act 2018 supplement the GDPR in the UK?

Overview: 

  • Makes the previous data protection laws fit for the digital age when an increasing amount of data is now being processed.
  • Empowers individuals to take control of their own data.
  • Supports organisations and UK businesses through this change.
  • Ensures the UK is ready for the future after Brexit.

DCMS Secretary of State Matt Hancock stated: "The Data Protection Act gives people more control over their data, supports businesses in their use of data, and prepares Britain for Brexit. In the digital world, strong cybersecurity and data protection go hand in hand. The 2018 Act is a key component of our work to secure private data online."

What does the Act enable?

  • It provides a modern and comprehensive framework for information security in the UK, with much stronger sanctions for noncompliance;
  • Sets new criteria for data protection, following the GDPR, giving individuals much more control over how their data is used and offering them new rights to request that private information be moved or deleted;
  • Preserves existing exemptions that have worked well in the Data Protection Act 1998, ensuring organizations and UK companies can still support leading research, financial services, authorized services, and journalism;
  • Provides a bespoke framework tailored to the requirements of the UK criminal justice organizations, as well as the intelligence services, to safeguard the rights of victims, suspects, and witnesses, while guaranteeing the ability to handle the changing dynamics of the global risks the UK faces.

Background

The Data Protection Act 2018 received Royal Assent on May 23rd, 2018. It facilitated the government's pledge to upgrade the UK's data safety laws.

The Data Protection Act 1998 proved to be effective and positioned the UK at the forefront of data safety requirements worldwide. The 2018 Act modernizes data safety regulations in the UK, providing a future-proof footing for the increasingly digital society and economy.

Additionally, the 2018 Act applies the EU's GDPR standards, preparing Britain for Brexit. By employing strong data safety laws along with proper safeguards, companies will be able to work across international borders. This facilitates global trade and brings the UK to the highest level of security, making it a dependable and trustworthy trade partner. With the DPA 2018, the UK guarantees that new, innovative uses of data can continue while, at the same time, strengthening the control and protection individuals have over their data.

The primary components of the 2018 Act

Overall information processing:

  • It implements GDPR requirements across almost all necessary data processing;
  • Provides transparency regarding the definitions applied to the GDPR in the UK context;
  • Ensures that health, education, and social care information can still be processed while ensuring that data confidentiality and safeguarding are maintained;
  • Provides restrictions on the rights to access and delete data, to allow specific processing where there is a proper public policy justification (e.g., national security);
  • Sets 13 as the age from which parental consent isn't necessary to process information online, supported by a new age-appropriate code enforced by the Information Commissioner.

Police processing:

  • Provides a bespoke plan for the processing of personal data by the authorities, prosecutors, and other criminal justice agencies for police purposes.
  • Allows unhindered data flows worldwide while supplying safeguards to protect private data.

Intelligence services processing:

  • Ensures the regulations governing the processing of individual details by the intelligence services stay in line and up to date with modernized global standards, including proper safeguards so that the intelligence community is able to deal with emerging, new, and existing national security threats.

Enforcement and regulation:

  • Enacts additional powers for the Information Commissioner, who will continue to regulate and enforce information safety laws.
  • Allows the Commissioner to levy higher administrative fines on information controllers and processors for the most critical data breaches, as much as £17m (€20m) or up to 4% of worldwide turnover for the most severe violations.
  • Empowers the Commissioner to bring criminal proceedings for offenses in which a data controller or processor alters records with intent to prevent disclosure following a subject access request.

Crucial Questions & Answers

How does the Act differ from the GDPR? 

The Act is a comprehensive information safety system; it governs the general data covered by the GDPR, as well as law enforcement data and national security data. Moreover, the Act exercises a selection of agreed adjustments to the GDPR that benefit the UK in areas such as academic research, financial services, and child protection.

What's the effect on businesses?

Organizations that currently work to the standard set by the Data Protection Act 1998 should be well-positioned to comply with the new standards. The Act enables UK organizations to continue exchanging data with the EU and the wider global community, which is essential to many companies.

Does the Act require organizations to enhance cybersecurity?

Successful data security depends on organizations sufficiently protecting their IT infrastructure from malicious interference. By implementing the GDPR standards, the Act requires organizations that handle personal data to evaluate the risks of processing such data and to implement appropriate measures to mitigate those risks. For many organizations, such measures include adequate cybersecurity controls.
