Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Data Protection Act

DPA is a national law that sits alongside the GDPR, and customises how GDPR applies in the UK. This is by providing exemptions, widening the scope to involve law enforcement, national security and defence.

Find out more
Download a complimentary copy

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.


The DPA (Data Protection Act) 2018 achieved formal approval on 23.05.2018. DPA 2018 includes GDPR and additional scope where EU member states are allowed to make provisions for it's local applicability.

DPA 2018 and GDPR have some key differences such as wide scope, DPA 2018 adds IP addresses, DNA and internet cookies in the personal data definition, including criminal sanctions and fines for GDPR infringements. Another change from GDPR includes the exemption from personal data protection in case of data being used in the public interest publication.

ICO is the local authority for UK's DPA and GDPR provisions.

DPA ,GDPR & Applied GDPR

"The previous Data Protection Act, passed a generation ago, failed to account for today’s internet and digital technologies, social media and big data. The new Act updates data protection laws in the UK…[and]… provides tools and strengthens rights to allow people to take back control of their personal data.” ICO Commissioner

As per the original source ICO - The DPA 2018 sets out the data protection framework in the UK, alongside the GDPR. It contains four separate data protection regimes: 

  • Part 2 Chapter 2 (GDPR): supplements and tailors the GDPR;
  • Part 2 Chapter 3 (applied GDPR): extends a modified GDPR to some other (rare) cases;
  • Part 3: sets out a separate regime for law enforcement authorities; and
  • Part 4: sets out a separate regime for the three intelligence services.

Apart from general GDPR that's already out there, applied GDPR refers to modified version of GDPR in reference to Part 2 Chapter 3 of DPA 2018. Basically the 'applied GDPR' is meant to catch any processing due to the gaps where EU laws aren't applicable. 

Data Protection by Design. Get in Touch.
Call Us Now

DPA Assessments

The following service offerings are in line with DPA/GDPR technical readiness and compliance. For detailed read on each of the areas, please visit the assessment section here.

Staff Awareness & Training

Supporting your staff to help them manage their data securely, including devices, technologies they use. Read more on our training service here

Security Monitoring

You need to ensure the systems processing the personal data are monitored for user activity including anamolous user activity.

Systems Security (Web applications, Servers)

Technical assessments around secure configuration, encryption, software vulnerabilities, common application security vulnerabilities such as OWASP Top 10

Data Protection

Technical controls to prevent unathorised or unlawful processing of personal data through the unauthorised access or use of user devices/storage media, backups, interception of data.

Manage The Risk

Technical Risk Assessments include secure configuration reviews, vulnerability scans and penetration testing. A good penetration should assess GDPR related aspects such as identity & access controls as part of active directory environment, password policy reviews, patching, information in transit & storage  mechanisms and measures in place.

Protect Data Against Attacks

Adhere to technical controls as laid out in appropriate frameworks such as Cyber Essentials. Defendza are a certifying body who can assess, validate and certify organisations based on the controls in scope for CE (Cyber Essentials) and CE Plus assessments

Data Protection Impact Assessment

This is basically a quick exercise to help you identify and reduce the data protection risks of your processing activities. 

Book a free 30-min DPA 2018 Consultation.
Call Us Now


"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

"Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business. Really enjoyed working with Defendza and look forward to working with them again in the future. Thank you!

IT manager
Housing Trust