The Data Protection Act 2018 explained: What UK CISOs need to know

The UK’s implementation of EU's GDPR shares the same core requirements but has key differences for certain kinds of data and processing.

Brexit / GDPR  >  Cutting connections / United Kingdom / European Union / global security shield
EGAL / Your Photo / Getty Images

Data Protection Act 2018 definition

The Data Protection Act (DPA) 2018 is the UK’s data protection law. It brings the EU’s General Data Protection Regulation (GDPR) into the UK’s legal system and defines how personal data should be processed and protected. DPA 2018 is the third generation of UK data protection law and replaces DPA 1998.

While it retains the same core requirements as the GDPR, the DPA 2018 features extra requirements and exemptions, especially around specific types of data and processing purposes such as crime data and national security purposes.

As the UK prepares to leave the European Union, it faces the prospect of being subject to the DPA 2018 and a second UK-GDPR, and preparing for potential changes post-Brexit.

What are the core Data Protection Act 2018 requirements?

To continue reading this article register now

Subscribe today! Get the best in cybersecurity, delivered to your inbox.