After 20 long years, the privacy landscape in the UK is finally getting a much needed upgrade with the Data Protection Act 2018 (DPA 2018). Naturally, the question on everyone’s mind is – is it the same as the General Data Protection Regulation (GDPR) and what will happen after UK moves out of the EU?
DPA 2018 is Not the Same as GDPR
GDPR is an EU-wide regulation, which demands compliance by all the member states. Under Article 50, UK must follow all the EU legislation for the notification period. This means that it must follow all the EU-wide regulations for the time being, the latest in line being the GDPR. There is also the case of the worldwide jurisdiction that GDPR enjoys. GDPR does not only apply to organisations that are geographically based in the EU, but also to all the organisations that collect and/or process the data of the EU residents. Therefore, GDPR applies to most of the UK businesses as it is. In the light of this fact, it made complete sense for the UK government to craft a modern Data Protection Act in line with the GDPR.
Why Change DPA 1998?
DPA 1998 had been in place for two decades now. It has been the defining regulation on how organisations store and treat the data of their employees and consumers. But, with time, technology has undergone a tremendous change. Whatever platforms, devices, and technology backing them were present in 1998 have gone obsolete. People’s data has become much more valuable. In addition to this, with the advent of big data and machine learning, it has become a lot easier to profile people and use it to sell them products or to manipulate their thoughts on a mass scale. So, it is only logical that a new set of laws and regulations are required to recognise the modern significance of data and regulate its collection and processing accordingly.
What Does DPA 2018 Cover?
There are limited instances within GDPR where the member states can create provisions that are better suited for the individual country. Those GDPR provisions form a part of the DPA 2018. That is the reason it is important for organisations to have knowledge of GDPR in order to completely understand the regulations under DPA 2018. But, there are more components to the new Data Protection Act than just the GDPR provisions.
It also deals with the data of immigrants, intelligence services, and more that are not a part of the GDPR document, but are significant in the national context. The idea is to apply the world-class GDPR standards to these areas to promote transparency and protection.
DPA 2018 is a much needed piece of legislation in the UK. It will not only upgrade the individual privacy laws existing in the country, but will also assist in easy transition out of the EU. Even after the UK leaves the EU, there will continue to be a heavy movement of data between the EU and the UK. A law like the DPA 2018 that derives from GDPR will allow for seamless movement of data between the two entities.