UK’s Data Protection Act, 2018
The Data Protection Act, 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). It lays down data protection principles that must be complied with by organisations, businesses and the government.
What is UK DPA 2018?

The Data Protection Act, 2018 is a law of the United Kingdom (England, Wales, Scotland and Northern Ireland). After the exit of the UK from the EU (Brexit), the GDPR no longer governs data protection in the UK. DPA 2018 was amended on 1st January, 2021 with the DPPEC (Data Protection, Privacy and Electronic Communication (Amendments etc.) (EU Exit)) Regulations 2019. This new regime is also known as UK GDPR.

Jurisdiction
The UK GDPR applies to the processing of personal data carried out by organizations operating within the UK. It also applies to organizations outside the UK that offer goods or services to individuals in the UK.
Requirements
- Lawful processing of personal data based on user consent, contract, legitimate interest, vital interest, public interest and legal requirements.
- Transparency through privacy policy and cookie policy.
- Restricting the processing strictly to the purpose.
- Process minimal data for necessary time periods.
- Integrity and confidentiality of the data through access control, encryption, pseudonymisation, anonymization and other state-of-the-art information security practices.
- Demonstration of accountability with proper documentation, contracts, data protection impact assessments (DPIAs), incident response strategies, appointment of DPO and code of conduct.
- Ensuring the rights of data subjects, including the rights to be informed, access, rectification, object, data portability and erasure.
Fine
Maximum fine of 17.5 million GBP or 4% of annual global turnover – whichever is greater.
How our privacy team can help

At Tsaaro, our privacy team comprises experienced lawyers and InfoSec professionals. Together we ensure that your organisation is compliant with all regulatory requirements along with the best possible technical and infrastructural solutions. We provide personalised plans to our customers to inculcate data protection by design and by default in their processes in a cost-efficient manner.
- Assess the applicable global personal data protection laws (Regulatory Assessment).
- Ensure Data Protection by Design.
- Protect your organisation against hefty fines.
- Improve customer and investor trust in your organisation.