DPA 2018 is Not the Same as GDPR
GDPR is an EU-wide regulation, which demands compliance by all the member states. Under Article 50, the UK must follow all the EU legislation for the notification period. This means that it must follow all the EU-wide regulations, for the time being, the latest in line being the GDPR. There is also the case of the worldwide jurisdiction that GDPR enjoys. GDPR does not only apply to organizations that are geographically based in the EU, but also to all the organizations that collect and/or process the data of the EU residents. Therefore, GDPR applies to most of the UK businesses as it is. The fact, it made complete sense for the UK government to craft a modern DPA in line with the GDPR.
Why Change DPA 1998?
Data Protection Act 1998 had been in place for two decades now. It has been the defining regulation on how organizations store and treat the data of their employees and consumers. But, with time, technology has undergone a tremendous change. Whatever platforms, devices, and technology backing them were present in 1998 have gone obsolete. People’s data has become much more valuable. In addition to this, with the advent of big data and machine learning, It has become a lot easier to profile people and use it to sell them products. Or to manipulate their thoughts on a mass scale. So, it is only logical that a new set of laws and regulations are required to recognize. The modern significance of data and regulate its collection and processing accordingly.
What Does DPA 2018 Cover?
There are limited instances within GDPR where the member states can create provisions that are better suited for the individual country. Those GDPR provisions form a part of the DPA 2018. That is the reason it is important for organizations to have knowledge of GDPR in order to completely understand the regulations under Data Protection Act 2018. But, there are more components to the new Data Protection Act than just the GDPR provisions.
It also deals with the data of immigrants, intelligence services, and more that are not a part of the GDPR document but are significant in the national context. The idea is to apply the world-class GDPR standards to these areas to promote transparency and protection.
DPA 2018 is a much-needed piece of legislation in the UK. It will not only upgrade the individual privacy laws existing in the country but will also assist in easy transition out of the EU. Even after the UK leaves the EU, there will continue to be a heavy movement of data between the EU and the UK. A law like the DPA 2018 that derives from GDPR will allow for seamless movement of data between two entities.