The Legislation
DPA: Directive sets aims and requirements and is implemented through national legislation
GDPR: Regulation is binding for all member states

Maximum Fines
DPA: £500,000
GDPR: 4% of annual revenue or €20 million

Responsibility
DPA: Data Controllers Only
GDPR: Both Controllers and Processors

Definition of Personal Data
DPA: Personal and Sensitive Data
GDPR: Now includes online identifiers, location data and genetic data

Breach Notification
DPA: Not mandatory for some organisations
GDPR: Mandatory and within 72 hrs

Parental Consent / Legal Age Limit
DPA: Not Required / No legal age
GDPR: Parental Consent Required / 13 yrs

Right to Claim Compensation
DPA: Any person who’s suffered material damage
GDPR: Any person who’s suffered material or non-material damage

Subject Access Requests
DPA: £10 or £50 fee
GDPR: No fee and respond within 1 month

Data Protection Governance
DPA: Management Commitment / Best Practice
GDPR: Appointment of Data Protection Officer

Consent
DPA: Freely given, specific and informed
GDPR: Clear, affirmative action with the ability to withdraw at a later date