Data Protection Act 2018
   HOME

TheInfoList



Click Here for Items Related To - Data Protection Act 2018
OR:
Data Protection Act 2018 on:   [Wikipedia]   [Google]   [Amazon]

The Data Protection Act 2018 (c. 12) is a
United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Europe, off the north-western coast of the continental mainland. It comprises England, Scotland, Wales and North ...
Act of Parliament Acts of Parliament, sometimes referred to as primary legislation, are texts of law passed by the Legislature, legislative body of a jurisdiction (often a parliament or council). In most countries with a parliamentary system of government, acts of ...
which updates
data protection Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
laws in the UK. It is a national law which complements the European Union's
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...
(GDPR) and replaces the
Data Protection Act 1998 The Data Protection Act 1998 (DPA, c. 29) was an Act of Parliament of the United Kingdom designed to protect personal data stored on Computer, computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Da ...
.


Background

The Data Protection Bill was introduced to the
House of Lords The House of Lords, also known as the House of Peers, is the Bicameralism, upper house of the Parliament of the United Kingdom. Membership is by Life peer, appointment, Hereditary peer, heredity or Lords Spiritual, official function. Like the ...
by Lord Ashton,
Parliamentary Under-Secretary of State Parliamentary Under-Secretary of State (or just Parliamentary Secretary, particularly in departments not led by a Secretary of State (United Kingdom), Secretary of State) is the lowest of three tiers of Minister (government), government minist ...
at the
Department for Digital, Culture, Media and Sport , type = Department , logo = Department for Digital, Culture, Media and Sport logo.svg , logo_width = , logo_caption = , seal = , seal_width = , seal_caption = , picture = Gove ...
on 13 September 2017. The Data Protection Act 2018 received
royal assent Royal assent is the method by which a monarch formally approves an act of the legislature, either directly or through an official acting on the monarch's behalf. In some jurisdictions, royal assent is equivalent to promulgation, while in other ...
on 23 May 2018. The Act came into effect on 25 May 2018. It was amended on 1 January 2021 by regulations under the
European Union (Withdrawal) Act 2018 The European Union (Withdrawal) Act 2018 (also known as the Great Repeal Act) is an Act of Parliament, Act of the Parliament of the United Kingdom that provides both for repeal of the European Communities Act 1972 (UK), European Communities A ...
, to reflect the UK's status outside the EU. It replaces the
Data Protection Act 1998 The Data Protection Act 1998 (DPA, c. 29) was an Act of Parliament of the United Kingdom designed to protect personal data stored on Computer, computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Da ...
. The Act applies the data protection standards set out in the GDPR and, where the GDPR allows EU member states to make different choices for its implementation in their country, defines those choices for the UK.


Contents

The Act has seven parts. These are outlined in Section 1: # This Act makes provision about the processing of personal data. # Most processing of personal data is subject to
GDPR The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...
. # Part 2 supplements the GDPR (see Chapter 2) and applies a broadly equivalent regime to certain types of processing to which the GDPR does not apply (see Chapter 3). # Part 3 makes provision about the processing of personal data by competent authorities for law enforcement purposes and implements the Law Enforcement Directive. # Part 4 makes provision about the processing of personal data by the intelligence services. # Part 5 makes provision about the Information Commissioner. # Part 6 makes provision about the enforcement of the data protection legislation. # Part 7 makes supplementary provision, including provision about the application of this Act to the Crown and to Parliament. The Act introduces new offences that include knowingly or recklessly obtaining or disclosing personal data without the consent-giving of the data controller, procuring such disclosure, or retaining the data obtained without
consent Consent occurs when one person voluntarily agrees to the proposal or desires of another. It is a term of common speech, with specific definitions as used in such fields as the law, medicine, research, and sexual relationships. Consent as und ...
. Selling, or offering to sell, personal data knowingly or recklessly obtained or disclosed would also be an offence. Essentially, the Act implements the EU Law Enforcement Directive, it implements those parts of the GDPR which "are to be determined by Member State law" and it creates a framework similar to the GDPR for the processing of personal data which is outside the scope of the GDPR. This includes intelligence services processing, immigration services processing and the processing of personal data held in unstructured form by public authorities. Under section 3 of the
European Union (Withdrawal) Act 2018 The European Union (Withdrawal) Act 2018 (also known as the Great Repeal Act) is an Act of Parliament, Act of the Parliament of the United Kingdom that provides both for repeal of the European Communities Act 1972 (UK), European Communities A ...
, the GDPR will be incorporated directly into domestic law immediately after the UK exits the European Union. The enforcement of the Act by the
Information Commissioner's Office The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS). It is the independe ...
is supported by a data protection charge on UK data controllers under the Data Protection (Charges and Information) Regulations 2018. Exemptions from the charge were left broadly the same as for 1998 Act: largely some businesses and non-profits internal core purposes (staff or members, marketing and accounting), household affairs, some public purposes, and non-automated processing. Under the 2018 Act the enforcement regime for registration changed from criminal to civil monetary penalties. The Act introduces a new public interest test applicable to the research processing of personal health data.


Additions

The Data Protection Act (2018) is a revision of the Data Protection Act (1998) which includes the importance of organizations to be more responsible with the information as well as improving the confidentiality. The latter revision also works in tandem with the GDPR, which the Data Protection Act (1998) didn't do. From the Data Protection Act (1998) to the Data Protection Act (2018), the key additions are the following: * the right to
erasure Erasure () is an English synth-pop duo formed in London in 1985, consisting of lead vocalist and songwriter Andy Bell with songwriter, producer and keyboardist Vince Clarke, previously known as co-founder of the band Depeche Mode and a membe ...
* inclusions of exemptions of the Data Protection Act * being regulated in tandem with the GDPR The revision allowed the law makers to add the ability to erase any data if the individual chooses to and this is based on the premise of the basic right to privacy. The 2018 version allowed people to get a clear interpretation of the exemptions of the act, which was unclear in the 1998 version. When the Data Protection Act (1998) was being made, the GDPR did not exist, thus there was no law for the DPA to work with. Eventually, with the creation of the GDPR, the DPA was updated to work in tandem.


References


External links


Full text of the Data Protection Act 2018The Data Protection (Charges and Information) Regulations 2018Information Commissioner's Office DPA 2018 page
{{Webarchive, url=https://web.archive.org/web/20180807125127/https://ico.org.uk/for-organisations/data-protection-act-2018/ , date=2018-08-07 United Kingdom Acts of Parliament 2018 Information privacy Data laws of the United Kingdom Data protection