The Data Protection Act is a European Union regulation, while GDPR is a UK law

The Data Protection Act and GDPR both aim to protect individuals' personal data.

The Data Protection Act and GDPR only apply to businesses operating within the European Union

The Data Protection Act and GDPR have no impact on how organisations handle personal data.

To ensure that individuals have complete control over their personal data.

To prevent organisations from collecting any personal data.

To regulate the transfer of personal data between countries.

To provide guidelines for organisations on how to handle personal data responsibly.

Data minimization - collecting only the necessary personal data.

Data monetization - selling personal data for profit.

Data retention - keeping personal data indefinitely.

Data discrimination - using personal data to discriminate against individuals.

The right to be forgotten and the right to access their personal data

The right to collect personal data from others without consent.

The right to share personal data with third parties without restrictions

The right to use personal data for any purpose without limitations.

Consent from the individual.

Sharing personal data with anyone without consent

Selling personal data for financial gain.

Keeping personal data indefinitely without any purpose.

Fines of up to 1 million euros.

Imprisonment of company executives.

Loss of business reputation and customer trust.

No consequences, as compliance is not mandatory.

The Data Protection Act and GDPR only apply to organisations based in the European Union.

The Data Protection Act and GDPR apply to any organisation that processes personal data of EU residents, regardless of their location.

The Data Protection Act and GDPR only apply to organisations based in the United Kingdom.

The Data Protection Act and GDPR have no extraterritorial scope.