GDPR vs DPA
GDPR

The General Data Protection Regulation (GDPR) will replace the UK Data Protection Act 1998 (DPA) on 25 May 2018. Although the underlying principles of the two pieces of legislation are similar, the changes brought in by the Regulation have significant ramifications. Crucially, GDPR introduces several new and demanding requirements for UK organisations that are likely to necessitate new policies, business processes and technologies.
GDPR v DPA Fines

Currently, the Information Commissioner’s Office (ICO) can issue fines of up to £500K to any UK organisation that “seriously breaches” the DPA. Under GDPR, organisations that fail to comply with the Regulation risk fines of up to €20m, or 4% of their annual global turnover, whichever is higher. Even minor infringements will result in fines of €10m, or 2% of annual global turnover. While this is unlikely to affect DIO to any great extent [1], a ‘breach’ remains highly undesirable.