What is the Data Protection Act 2018?
The UK's Third Generation of Data Protection law has now received the Royal Assent and its main provisions commenced on 25th May 2018. The new Act aims to modernise data protection laws to ensure that they are effective in the years to come.
An Introduction to the Data Protection Bill
As the Data Protection Bill went through Parliament we produced an overview document as an introduction to help people and organisations navigate their way around it and focus on the sections that were most relevant to them. It remains a helpful resource but it is important to note that it does not reflect the final text of the legislation. Now that the legislation has received Royal Assent we are updating this document to reflect the final contents of the Act and will make it available as soon as possible.
Our intention in the longer term is to develop our main suite of guidance to cover the Data Protection Act 2018 in more detail. We will publish this under the umbrella of a new Guide to Data Protection which will cover the GDPR, the applied GDPR, Law Enforcement and any other relevant provisions.
What is the difference between the DPA 2018 and the GDPR?
The GDPR has direct effect across all EU member states and has already been passed. This means organisations will still have to comply with this regulation and we will still have to look to the GDPR for most legal obligations. However, the GDPR gives member states limited opportunities to make provisions for how it applies in their country. One element of the DPA 2018 is the details of these. It is therefore important the GDPR and the DPA 2018 are read side by side.
Information about how to get ready for the GDPR can be found in our Guide to the GDPR.
However, the DPA 2018 is not limited to the UK GDPR provisions.
Please now go to the following Information Commissioners Office Data Protection Act 2018 page and read through the ICO's additional information that will be of benefit to you.
You may also be interested to read the statistics that IS Know How have extrapolated from the ICO's Quarterly based Data Security Incident Trends and specifically for 'Charitable & Voluntary' that they provide for "Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations)"