GDPR vs DPA (1998) - Coggle Diagram
What are the differences?
GDPR broadly covers personal data; the DPA includes UK-specific requirements
The DPA imposes additional safeguards for processing sensitive data
GDPR applies to all EU members, DPA is specific to the UK
Each EU member state has its own supervisory authority for GDPR; under the DPA the UK supervisory authority is the ICO (Information Commissioner's Office)
GDPR is stricter than DPA
GDPR has only limited provisions for legal purposes and national security; the DPA incorporates exemptions and derogations for UK requirements
What are the principles of GDPR?
Storage limitation: Data shouldn't be kept for longer than necessary
Accountability: Data controllers are responsible for complying with GDPR rules and must be able to demonstrate that compliance
Lawfulness, fairness and transparency: The processing of personal data must be lawful, fair and transparent to the data subject
Accuracy: Personal data must be accurate and kept up to date (where necessary)
Consent: The data subject must give clear, affirmative consent and retains the right to withdraw it at any time (strictly, consent is one of the lawful bases for processing rather than one of the Article 5 principles, but it is listed here alongside them)
What are the similarities?
individuals can request the information held about them
processing must be lawful, fair and transparent
rules on the handling of personal data
consent is required for processing personal data
What are the principles of DPA (1998)?
Under the DPA, you have the right to know what information the government and other organisations store about you. This includes the right to:
be informed about how your data is being used
access personal data
have incorrect data updated
have data erased
There are stronger legal protections for sensitive information such as:
race
ethnicity
political opinions
religious beliefs
trade union membership
genetics
biometrics
health
sexuality
Everyone responsible for handling personal data must follow the 'data protection principles'. These are:
information must be used fairly, lawfully, and transparently
information is used for specified, explicit purposes
information is used in a way that is adequate, relevant and limited to only what is necessary
information is accurate and, where necessary, kept up to date
data cannot be held for longer than necessary
data must be handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage