Although it seems that the GDPRs focus is mostly on conformity process, there is also the criminal law aspect of the matter to examine. Criminal sanctions on data protection breaches date back further than the DPA as illegal recording, distribution, receipt, transfer and non-destruction of personal data were already criminalized under the Criminal Code. Now, with the newborn provisions of the DPA that introduce the rules and principles for processing personal data and also refer to criminal liability in case of breaches of the law, how these two laws will apply together needs to be taken into consideration. Criminal Codes approach
