5 Key Changes in the GDPR from the DPA 1998

A working Data Protection Act (DPA) has been in place since 1998. Why bother with a new regulation and enforce it on businesses? The GDPR is a well-rounded regulation that extensively covers data privacy management and individual rights. The GDPR supersedes the DPA 1998.
1. Boundary has changed
The current DPA 1998 is quite strict on data protection and clear in its definitions. But it applies only within the EU; non-EU organisations are exempt, even though there are some regulations, such as Privacy Shield and Safe Haven, which support it but not to the extent of the GDPR.
2. Penalties
Under the DPA 1998, the penalty or fine imposed for a serious data breach is up to £500,000. Many organisations do not have to have proactive controls to avoid breaches. Under the GDPR, the penalties are 20 million or 4% of annual turnover, whichever is greater, for serious offences, and an organisation that does not have controls in place is fined 2% of annual turnover.
3. Explicit Consent
Data analytics and big data have opened numerous opportunities for organisations. The general public, who are the real owners of the data, are not aware of how their data is used or, in some cases, misused. The GDPR sets out clear guidelines on how this consent should be obtained explicitly.
4. Data Protection by Design
The major change in the GDPR is data privacy management across the full lifecycle (collection, archive, usage, destroy). It is defined in the DPA 1998, but not as clearly as in the GDPR. Data protection in the GDPR is proactive and preventative rather than reactive and remedial.
5. Data Subject Rights
In the GDPR, data owner rights are clearly defined. If owners feel that their data is not managed properly, they have the right to get access to it. At the same time, organisations and their suppliers MUST know their roles as controllers and processors. Failure to understand these roles will be very costly to organisations. Also, in case of a breach, the supervising organisation and the owners must be made aware of the breach immediately.
