GDPR vs DPA (1998)
What are the principles of GDPR?
What are the principles of DPA (1998)?
What are the differences?
What are the similarities?
Under the DPA, you have the right to know what information the government and other organisations store about you. This includes the right to:
There are stronger legal protections for sensitive information such as:
- race
- ethnicity
- political opinions
- religious beliefs
- trade union members
- genetics
- biometrics
- health
- sexuality
Everyone responsible for the handling of personal data must follow the 'data protection principles'. These are:
- information must be used fairly, lawfully, and transparently
- information is used for specified, explicit purposes
- information is used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- data cannot be held for longer than necessary
- data must be handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
GDPR broadly covers personal data; DPA includes UK-specific requirements
DPA imposes additional safeguarding for processing sensitive data
GDPR applies to all EU members; DPA is specific to the UK
Each EU state has a supervisory authority for GDPR; for the DPA it is the ICO in the UK
request information
lawful, fair and transparent
handling of personal data
consent for data
Storage limitation: Data shouldn't be kept for longer than necessary
Accountability: Data controllers are responsible for complying with GDPR rules
Lawfulness, fairness, and transparency: The processing of personal data must be lawful and transparent
Accuracy: Personal data must be accurate and kept up to date (where necessary)
GDPR is stricter than DPA
Consent: The data subject must give clear affirmative consent and they reserve the right to withdraw consent at any time
GDPR has limited provisions for legal purposes, national security. DPA incorporates exemptions and derogations for UK requirements.
be informed about how your data is being used
access personal data
have incorrect data updated
have data erased