To ensure companies protect their intellectual property

To establish minimum legal standards for data security and privacy

To help businesses increase profits through data sales

To allow companies to avoid liability in case of breaches

Data compliance is optional, while data security is legally required

Data compliance focuses on meeting laws and regulations, while data security includes all measures to protect data

Data security only applies to large organisations, while data compliance applies to everyone

There is no difference; both mean protecting sensitive information

EU GDPR

DPA 2018/UK GDPR

Data Protection Directive 1995

ISO 27001

Email address

Date of birth

Trade union membership

Home address

To process data on behalf of another organisation

To decide how and why personal data is processed

To protect intellectual property and copyrights

To investigate data breaches

To make decisions about data collection and storage

To enforce data protection laws

To act on behalf of a data controller to process data

To decide how long data should be stored

Data must be processed lawfully, fairly, and transparently

Data must be collected only for specified, legitimate purposes

Data must be sold to third parties for commercial gain

Data must be kept secure and protected from unauthorised access