Data Protection Act & GDPR Comparison
- Created by: ashjack
- Created on: 17-04-18 10:26
- Data Protection Act (1998)
- General Data Protection Regulation (GDPR)
- Data controllers must inform subjects what information is being collected and for what purpose
- Data must be obtained for specific, legal purposes, and use can only take place when the subject has been informed
- Data must be obtained and processed lawfully
- Data must be adequate, relevant and limited to the purpose specified
- Data must not be excessive, and it must be relevant for the required purpose
- Data must be accurate and kept up-to-date
- Data must be accurate and up-to-date
- Data must not be kept for longer than necessary
- Data must not be kept for longer than necessary
- Data must be protected through appropriate security measures
- Data must be kept secure and prevented from misuse
- Individual rights
- All subjects must be informed of any collection and usage of data
- All subjects are allowed to view data stored on them, and have a right to question its legality
- All subjects can request that data is corrected or completed should it not be so
- All subjects can request that data is deleted
- All subjects can request that their data is transferred to relevant places
- All subjects can opt out of communications, e.g. emails, texts
- Data must not be transferred outside the EU unless the destination country has a valid data protection law
- Data must not be kept for longer than necessary
- Data must be kept secure and prevented from misuse
- Data must be obtained and processed lawfully
- Data must only be held for specified, lawful purposes
- Data must not be excessive, and it must be relevant for the required purpose
- Data must be accurate and up-to-date
- Data must be processed in accordance with the rights of the subject