What Does the Data Protection Act Cover?

Written by: Coby McKinley

Updated January 5, 2023

Whether you’re a casual browser or an avid PC user, reading a guide to the Data Protection Act is a good idea. After all, learning about data protection laws can keep you informed about consumer privacy rights and data protection rules. The act provides detailed guidance about how tech companies and public authorities can use a consumer’s data. So, stick around to learn what the Data Protection Act covers, and stay informed about your legal protections.


  • The General Data Protection Regulation (GDPR) Act oversees the security standards and access rights for personal data.
  • Companies must disclose what data they collect and the data’s purpose, and they must protect the data from security breaches or harm.
  • The GDPR updates public-sector data security guidelines, and it sets legal consequences for companies that misuse consumer data.


Insider Tip

You can use a VPN at home for additional protection against ISP tracking or attacks on your IP address.

Guide to the Data Protection Act

The UK General Data Protection Regulation Act (GDPR) 2018 is an updated version of a 1998 bill of the same name. This act is nearly identical to the European Data Protection Regulation Act but has specific language and standards for the post-exit UK.

The GDPR’s core activity is to update the security standards and access rights for consumer data. This act applies to financial institutions, private companies, and legal entities within the UK. Lastly, the act provides stronger protections against privacy issues and bad business practices with personal records.

Data Protection Principles

Seven key themes define the core functionality of the UK GDPR. The seven data protection principles outline consumer data protection standards across public and private-sector organizations.

Companies must receive explicit consent for the data they collect and can only use it for previously-disclosed reasons. Additionally, the collected data must be accurate, specific, and anonymized after a period of time. Lastly, companies must protect user data from damage, theft, and destruction.

General Data Rules

Consumers have the right to request their personal records from private and public entities. Additionally, the general rules set the age of consent for processing data at 13, and consumers can request that companies delete their data. The general rules also update the security policies surrounding special category data like healthcare or legal information.

Law Enforcement and Intelligence Services

The GDPR updates personal data security laws while ensuring efficient data flow between law enforcement agencies. Additionally, the GDPR updates data privacy in the intelligence community.


Private-sector organizations and businesses in the US can sell your data without asking, so be careful what information you share online.

GDPR Enforcement

Infringing on the GDPR probably won’t result in a criminal conviction, but companies face major fines for misusing customer data. The Information Commissioner can enact fines up to $21 million or 4% of global turnover, whichever is higher.

STAT: A 2021 Pew Research Center survey showed that 96% of Americans under 65 years old use the internet.

What Does the Data Protection Act Cover FAQs

Does the US have a GDPR act?

The United States doesn’t have a comprehensive approach to privacy and consumer data. California passed the California Consumer Privacy Act (CCPA) in 2018, and it provides many of the same protections guaranteed in the UK GDPR. While most national companies operate within the CCPA, they aren’t legally required to in most states.

What are Data Protection Officers?

A data protection officer (DPO) oversees GDPR compliance in companies that collect information on employees, customers, or other data subjects. Companies are required to hire a data protection officer, who operates in a third-party manner to ensure transparency and accurate compliance reporting. Additionally, the DPO is the business contact for consumer data requests and profile deletion.

How can I protect my data?

Experts recommend limiting the amount of data you share with websites and on social media. Additionally, a VPN can protect your IP address and computer from ISP tracking and hackers.