Q&As

In respect of a historic breach of the Data Protection Act 1998 (DPA 1998) by a company that occurred and was rectified before 25 May 2018 would: (a) relevant data subject's rights to compensation under data protection legislation; and (b) the financial penalties that may be imposed by the ICO, be governed by the DPA 1998 and/or the GDPR/Data Protection Act 2018?

read titleRead full title
Produced in partnership with Audrey Guinchard
Published on LexisPSL on 16/01/2020

The following Information Law Q&A produced in partnership with Audrey Guinchard provides comprehensive and up to date legal information covering:

  • In respect of a historic breach of the Data Protection Act 1998 (DPA 1998) by a company that occurred and was rectified before 25 May 2018 would: (a) relevant data subject's rights to compensation under data protection legislation; and (b) the financial penalties that may be imposed by the ICO, be governed by the DPA 1998 and/or the GDPR/Data Protection Act 2018?
  • Fines
  • Compensation
  • Historic acts or omissions leading to a subsequent breach of the GDPR

In respect of a historic breach of the Data Protection Act 1998 (DPA 1998) by a company that occurred and was rectified before 25 May 2018 would: (a) relevant data subject's rights to compensation under data protection legislation; and (b) the financial penalties that may be imposed by the ICO, be governed by the DPA 1998 and/or the GDPR/Data Protection Act 2018?

Regulation (EU) 2016/679, the General Data Protection Regulation (the GDPR) was enacted on 27 April 2016 but only came into force on 25 May 2018 as per Article 99 of Regulation (EU) 2016/679, GDPR. Prior to 25 May 2018, the Data Protection Act 1998 (DPA 1998) governed the processing of personal data in the UK. DPA 1998 incorporated provisions of Directive 95/46/EC (the Data Protection Directive) (now repealed by the GDPR) into UK law.

On 25 May 2018, the GDPR became directly applicable in all EU Member States (including the UK).

In the UK, the Data Protection Act 2018 (DPA 2018), which received Royal Assent on 23 May 2018, made a number of detailed provisions relating to how the GDPR applies in the UK, including the creation of certain offences and enforcement powers of the Information Commissioner’s Office. For more information, see Practice Notes: The Data Protection Act 2018 and Offences under the Data Protection Act 2018. In summary, DPA 2018 generally became applicable in

Popular documents