Cybersecurity is evolving — Strike Graph is leading the way.
Check out our newest resources.
Find answers to all your questions about security, compliance, and certification.
Find out why Strike Graph is the right choice for your organization. What can you expect?
Find out why Strike Graph is the right choice for your organization. What can you expect?
With the landscape of privacy and security constantly evolving, it can be a challenge to know when legislation has changed with it – especially older, foundational laws like the Data Protection Act of 1988. And if an older law like this is no longer active, are organizations still subject to its requirements? For any company that stores personal data, the answer is often yes. But, the requirements typically are mandated by a modernized version of the original law.
This is the case with the Data Protection Act (DPA) of 1988. Most of its foundational ideas still exist in some form, so it's important for organizations to know exactly which portions of the law they’re still required to adhere to.
The Data Protection Act (DPA) of 2018 is a UK law which updated the way that organizations handle and protect people’s personal data. This law is the way that the UK specifically implements the General Data Protection Regulation (read our quick Guide to GDPR here) and the ways those regulations are enforced.
People might wonder: with the new DPA of 2018 in place, has the DPA of 1988 been repealed? A better way to frame this is that the 2018 version of the DPA now supersedes the 1988 version (and the versions that have been established since then, like the 1998 version) because of its updated procedures for the modern digital world.
The reality is that it would be hard to repeal any law that set the stage for security and privacy in the way that this historic act did. The following are major concepts in the security landscape that the DPA of 1988 helped to establish:
The DPA of 1988 established foundational concepts that will continue to guide security legislation. But, those concepts have evolved to better meet the needs of the current day with updated versions like the current 2018 Act in the UK.
The Data Protection Act and General Data Protection Regulation are in many ways connected as forms of data legislation. The GDPR is the data privacy and security standard in the EU, and it is widely considered one of the strongest collections of data protection regulations in the world. The DPA of 2018 is the UK’s complete set of data protection systems, which includes data represented by the GDPR, but also other generalized data, like that of national security and law enforcement interest.
There are, however, some nuanced differences between the two and areas where the DPA makes slight changes to GDPR measures to better suit the UK’s context. The following are some examples of the differences between the two:
Overall, the GDPR is the security standard for working with European customers or businesses. But knowing that the DPA is the way that the UK administers and enforces this standard, while allowing for some of its own changes, is important for anyone doing business in either region.
For anyone doing business in Europe or with European customers – OR with the UK – GDPR compliance is a must. No matter what region you’re working with, Strike Graph’s comprehensive platform will streamline your road to compliance with GDPR-mapped controls, automatic evidence collection, cross-team task distribution and more.
The security landscape is ever changing. Sign up for our newsletter to make sure you stay abreast of the latest regulations and requirements.
Strike Graph offers an easy, flexible security compliance solution that scales efficiently with your business needs — from SOC 2 to ISO 27001 to GDPR and beyond.
© 2024 Strike Graph, Inc. All Rights Reserved • Privacy Policy • Terms of Service
Find out why Strike Graph is the right choice for your organization. What can you expect?
Find out why Strike Graph is the right choice for your organization. What can you expect?