Data Protection Act 2018

UK law defining rules for processing personal data and IT controls.

The Data Protection Act 2018 is the UK statute that sets rules for processing personal data and complements the UK data protection framework.

It places obligations on organisations to justify processing, record activities, apply appropriate technical and organisational security, support subject rights and manage breaches, which creates operational requirements for IT teams.

Data Protection Act 2018: access and security controls

Controls for access, privileged accounts, authentication and authorisation to prevent unauthorised access and support lawful processing of personal data under the Act.

WALLIX PAM

Centralises privileged credential management and session control to enforce access restrictions.

View Product

PAM360

Stores and controls privileged credentials and automates access policies to limit unauthorised use.

View Product

WALLIX One

Manages privileged accounts and enforces access policies across systems to reduce misuse of credentials.

View Product

AD360

Centralises user provisioning, MFA and access controls to enforce authorisation policies across directories.

View Product

ADSelfService Plus

Provides self-service password reset and MFA to reduce credential risks and enforce authentication controls.

View Product

WALLIX Remote Access

Provides controlled remote access with authentication and authorisation to enforce secure access to systems.

View Product

Heimdal Privileged Account and Session Management

Controls and monitors privileged accounts to enforce Data Protection Act 2018 access security.

View Product

Heimdal Privileged Elevation and Delegation Management

Manages elevation of administrative privileges to enforce least privilege for Data Protection Act 2018.

View Product

uniqkey

Provides an encrypted credential vault with central controls and sharing policies for organisational accounts.

View Product

Heimdal Privileged Account and Session Management

Manages and monitors privileged accounts and sessions to control access under Data Protection Act 2018.

View Product

Specops Password Policy

Enforces Active Directory password rules to protect personal data access under Data Protection Act 2018.

View Product

Specops uReset

Provides self-service AD password reset and secondary authentication to secure access under Data Protection Act 2018.

View Product

Specops Password Policy

Enforces AD password policies to help meet Data Protection Act 2018 access controls.

View Product

Specops uReset

Provides self-service password reset and MFA to support Data Protection Act 2018 access controls.

View Product

Data Protection Act 2018 — Audit evidence and records

Collect and retain logs, records and reports that show lawful processing, data subject actions and control activities to support audits under Data Protection Act 2018.

MOVEit

Records detailed transfer activity and audit logs to provide evidence for Data Protection Act 2018 compliance.

View Product

MOVEit

Produces detailed transfer logs and audit records to demonstrate compliance with Data Protection Act 2018.

View Product

ADAudit Plus

Records AD and Windows events and generates reports to provide searchable audit trails for investigations.

View Product

MOVEit Cloud

Maintains detailed transfer logs and reports to provide auditable evidence of file movements.

View Product

MOVEit Automation

Captures detailed transfer events and automation logs for audit trails and compliance reporting.

View Product

MOVEit Transfer

Records transfer activity and user access logs to supply audit evidence for data handling events.

View Product

NetWrix Auditor

Collects configuration and user activity logs and stores tamper-evident records for audit purposes.

View Product

WALLIX PAM

Records privileged session activity and access events to create auditable trails for compliance review.

View Product

PAM360

Captures session recordings and password change logs to supply audit evidence of privileged actions.

View Product

ADManager Plus

Produces audit-ready Active Directory reports and logs to support Data Protection Act 2018 compliance.

View Product

Identity360

Aggregates identity and access events across systems to produce correlated audit data for investigations.

View Product

M365 Manager Plus

Collects Microsoft 365 activity and configuration logs to produce audit reports for compliance reviews.

View Product

Netwrix Endpoint Protector

Maintains logs of blocked transfers and device activity to provide evidence for incident investigations.

View Product

WALLIX One

Records privileged session activity to provide audit evidence for Data Protection Act 2018 compliance.

View Product

ADManager Plus

Generates directory and compliance reports to supply audit evidence for Data Protection Act 2018 obligations.

View Product

Handling personal data under the Data Protection Act 2018

Classification, transfer, retention and controlled handling of personal data to align technical controls with Data Protection Act 2018 requirements.

MOVEit

Provides encrypted, access-controlled file transfers to protect personal data under Data Protection Act 2018.

View Product

MOVEit

Secures and audits file transfers to ensure Data Protection Act 2018 compliant handling of personal data.

View Product

MOVEit Cloud

Cloud-hosted managed file transfer with encryption, access controls and audit logging.

View Product

Netwrix Data Classification

Discovers and labels sensitive personal data across repositories to enable controlled handling and protection.

View Product

MOVEit Transfer

Provides centrally managed, encrypted file transfers with access controls to protect personal data.

View Product

MOVEit Automation

Automates policy-driven secure file transfers and enforces encryption and handling rules.

View Product

Netwrix Endpoint Protector

Enforces policies to block unauthorised data transfers from endpoints and records transfer events.

View Product

RecoveryManager Plus

Performs scheduled backups and enables point-in-time recovery to preserve and restore personal data reliably.

View Product

Heimdal Ransomware Encryption Protection

Blocks unauthorised file encryption on endpoints to protect personal data under Data Protection Act 2018.

View Product

Governance under the Data Protection Act 2018

Establishes accountability, record-keeping and policy duties for processing personal data to support oversight and compliance.

CyberSmart

Provides a compliance platform to manage security controls, policies and evidence for regulatory adherence.

View Product

Where Data Protection Act 2018 fits

The Act applies across systems that store or process personal data: HR, CRM, cloud services, backups, logs and the data flows between them. Controls such as access management, encryption, retention and deletion need attention where personal data is involved.

Consider the Act when selecting and configuring software, setting access controls and designing backups. Armstrong can assist with product configuration and control improvements, but legal compliance and breach handling remain the organisation's responsibility.

Discuss your Data Protection Act 2018 approach

Speak to a specialist