Today we are going to compare and decide what is better: GDPR or DPA? It is important to remind that GDPR will come into being this month. It is created for replacing the Data Protection Act. But why is it better and why it can replace DPA which is used since 1995?
There are a number of different reasons, so let’s investigate them!
Firstly, as for the geographical reach and scope, DPA is a kind of freewill, and that’s why not so many companies utilize it. However, GDPR is obligatory and after 25th May it will apply to all European nations and all companies which hold personal information about European citizens. The reason for it is that it will be legally enforceable, so every company should stick to the rules of GDPR.
Definition of personal data
The next difference between GDPR and DPA lies in defining what the personal data is. Data Protection Act controls only the data which is connected with identifying individuals or their personal details. General Data Protection Regulation is planning to broaden the size of information and also include here such important notions as online identification markers, location data, genetic information and many others. It is significant information which is owned by customers and sometimes may be abused by many companies.
One of the biggest differences which can help you to decide what to use GDPR or DPA is consent policies. Due to DPA, it is not necessary for users to agree or disagree with using their personal data. But now owing to GDPR every consumer must be acquainted with clear privacy notices with the help of which he or she can make an accomplished decision whether to allow using and storing their data for companies or not.
Unlike Data Protection Act, GDPR is mostly focused on providing all people with explicit accountability related to data protection. Companies are now really responsible for all information they hold. Consequently, they must take actions in order to comply fully with the principles of the regulation. For instance, they must prepare and train their staff, make all necessary internal data audits and keep detailed documentation about the personal data of consumers which they are holding.
Data breach policies
Another reason why to choose GDPR is connected with data breach policies. Adhering to DPA, businesses must not report about all data breaches which occur. Of course, they are encouraged to do it, but they never do it. Coming GDPR into being, everything will change. The relevant authorities must be informed about breaches within 72 hours after the incident.
Data protection governance
The next important thing in the battle «GDPR or DPA» is data protection governance. Unfortunately, the Data Protection Act does not deal with allocating the governance of data security functions. But General Data Protection Regulation will appoint a special-purpose data protection officer to the companies which have more than 250 people as the staff or which process more than 5,000 subject profiles every year.
Penalties and compensation
And finally, there is one more significant reason – penalties and compensation. It will be stronger due to GDPR, and that’s why more effective.
To sum it up, there are different advantages of GDPR that are really significant and make it better than DPA.