DPA (Data Protection Act)

What is the DPA (Data Protection Act)?

The DPA is the United Kingdom’s data protection legislation. After Brexit, it replaced the GDPR in the UK and largely mirrors its principles. Mobile data processors and controllers operating in the UK must follow the DPA’s requirements to ensure the lawful and secure processing of personal data.

Non-compliance with this law can lead to fines. For example, the credit reporting agency Equifax was fined £500,000 over its 2017 data breach by the UK Information Commissioner’s Office.

DPA requirements applying to mobile data

Security of Processing

This section focuses on the security measures organizations must implement to protect personal data from unauthorized access, loss, or destruction. It may include provisions related to encryption, access controls, regular security assessments, and incident response procedures.

Data Minimization

This principle emphasizes that organizations should only collect and retain personal data that is necessary for the specified purposes. It may require organizations to assess and limit the amount of personal data collected through mobile devices and applications.

Data Transfers

This section addresses the transfer of personal data outside of the jurisdiction. It may require organizations to ensure that adequate safeguards are in place when transferring personal data internationally, such as using standard contractual clauses, binding corporate rules, or relying on approved certification mechanisms.

Mobile devices and applications compliant with DPA

Complying with the UK’s DPA involves protecting all company smartphones and computers, applications and other places where customer data is stored and accessed.

If your company uses mobile devices, this means using a Mobile Threat Defense solution that will protect smartphones and other mobile devices from malware, phishing, and network exploits.

For companies that develop and market applications, it means ensuring all applications process data with appropriate safeguards and remediating risky behaviors and vulnerabilities with source code analysis and Compliance Audit.