Data Protection Act 2018 Policies

Are your Data Protection Act 2018 policies and procedures still compliant? The GDPR and the UK’s Data Protection Act 2018 (DPA18) have been in force since 25th May 2018. The laws brought with them stronger protections for individuals and their personal data. Much of the DPA18 writes the GDPR into UK law and provides additional rules and requirements for derogations and exemptions. Additionally, it contains requirements for areas outside of the GDPR scope, such as law enforcement and intelligence services processing.

Data Protection and Brexit

In regard to data protection and Brexit, the UK left the EU on 31 January 2020 and entered into a transition period which lasts until the end of December 2020. During this period, the EU GDPR still applies to UK businesses processing personal data, however as the UK government intends to incorporate the GDPR into the DPA18 (as the ‘UK GDPR’),  firms with current obligations under the GDPR will likely only see a few changes in their data protection controls and measures. 

Data Protection Act 2018 Policies

With so many requirements imposed on businesses who process personal data, developing and writing policies and templates from scratch can seem like a daunting task, which is why thousands of organisations from SME’s and sole traders, through the the NHS and UK Government departments use our GDPR documents and toolkits.

You may be a small business processing tiny amounts of personal data and are only looking for the basic policies and templates. Similarly, you may be a larger firm or have more complex data processing activities. These could include carrying out high risk or special category processing or legitimate interest assessments.

With this in mind, the type of Data Protection Act 2018 policies and controls you have in place is essential. From basic GDPR policy templates, through to data protection impact assessments, we have a GDPR template to suit you.