
Overview

Protecting data in today's digital information age

The Data Protection Act 2018 (DPA), which received Royal Assent in May 2018, is a comprehensive legal framework for UK data protection. It replaces the DPA 1998 to set new, clarified and modernised standards for safeguarding data in the digital world.

The DPA 2018 is designed to govern the protection of personal data to the standards set by the EU’s General Data Protection Regulation (GDPR). It also covers general data, law enforcement data and national security data.

Aims

Aims of the DPA 2018

The UK government states that the DPA 2018 intends to:

  • Make UK data protection laws fit for the digital age
  • Empower individuals to take control of personal data
  • Support UK organisations through the legal transition
  • Ensure the UK is prepared for its post-EU future

Compliance measures

Ensuring your cyber security meets the standards of DPA 2018

Among the measures required by the GDPR and DPA 2018 is the need for appropriate controls to protect personal data and to detect, investigate and report security breaches.

Redscan’s cyber security experts can help your organisation meet DPA and GDPR security requirements by:

  • Enhancing understanding of and reviewing security risks
  • Improving resilience against threats
  • Detecting and responding to cyber-attacks
  • Assisting with breach reporting procedures

FAQ

Data Protection Act 2018 FAQs

Which organisations does the DPA 2018 affect?

In accordance with the GDPR, the DPA applies to all organisations that process any form of personal data. It also affects organisations that process sensitive data related to law enforcement and national security.

What is the difference between the DPA 1998 and the DPA 2018?

The DPA 1998 was the legal framework for data protection in the UK for 20 years, but it is no longer fit for purpose given the large scale of data processing in the digital era.

The DPA 2018 requires organisations to better understand the data they hold, establish accountability, improve cyber security controls and be transparent in the event of a breach. Penalties for non-compliance are also now significantly higher.

What is the maximum fine under the DPA 2018?

The Data Protection Act 2018 enhances the powers of the Information Commissioner’s Office (ICO) to regulate and enforce data protection laws.

For the most serious data breaches, organisations are liable to receive a fine as high as £17 million or 4% of global turnover, whichever is higher. This is a straight conversion of the maximum sanction permitted under the GDPR.

What is the difference between the GDPR and the DPA 2018?

The GDPR is the governing piece of EU legislation applicable to all member states. The DPA 2018 is the UK’s legal framework for data protection, which replaces the DPA 1998 and applies GDPR standards to UK law.

The DPA covers all the main provisions of the GDPR but also applies modifications and exemptions in areas such as journalism, academic research, child protection and law enforcement.

Why choose Redscan?

Why choose Redscan to support DPA 2018 compliance?

As an award-winning provider of managed security and assessment services, Redscan is perfectly placed to help your organisation meet the complex demands of the Data Protection Act 2018.

By thinking like the adversary, utilising the latest tools and intelligence, and providing clear and actionable advice, we help organisations to significantly elevate cyber security maturity in line with business and compliance requirements.

