UK Data Protection Act (DPA 2018)
This page provides practical guidance for aligning LLM workflows with the UK Data Protection Act 2018 (DPA 2018) when using KoreShield. It is not legal advice. Always consult your legal team for compliance decisions.
DPA 2018 and UK GDPR
DPA 2018 sits alongside the UK GDPR and provides the UK legal framework for data protection. In most commercial contexts, UK GDPR obligations apply in parallel. KoreShield can help implement technical safeguards, but you remain responsible for lawful processing and governance.
Key Requirements and How KoreShield Helps
1) Lawfulness, Fairness, and Transparency
Define a lawful basis for processing and provide clear notice to users. KoreShield supports data minimization to reduce exposure in prompts and outputs.
2) Data Minimization
Only process the minimum personal data required to fulfill a task. Practical guidance:
- remove direct identifiers from prompts when possible
- avoid storing raw prompts that include personal data
- keep identifiers in metadata rather than free-form content
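The three practices above, with a trace ID added so a record can later be located and deleted, shown as an added Python example; it is not KoreShield code or its API. The regex patterns, `minimize_prompt`, `PromptStore` and the sample prompt are constructed for illustration and are assumptions.

```python
import re
import uuid

# Constructed, format-only patterns; extend them for the identifiers in your data.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"(?:\+44\s?|\b0)7\d{3}\s?\d{6}\b"),      # UK mobile
    "NINO": re.compile(r"\b[A-Z]{2}\s?(?:\d{2}\s?){3}[A-D]\b"),   # NI number shape
}

def minimize_prompt(prompt):
    """Return (redacted_prompt, identifiers) with identifiers as placeholder -> value."""
    identifiers, seen = {}, {}
    redacted = prompt
    for label, pattern in PATTERNS.items():
        def swap(match, label=label):
            value = match.group(0)
            if value not in seen:  # a repeated value reuses its placeholder
                n = sum(p.startswith(f"[{label}_") for p in identifiers) + 1
                seen[value] = f"[{label}_{n}]"
                identifiers[seen[value]] = value
            return seen[value]
        redacted = pattern.sub(swap, redacted)
    return redacted, identifiers

class PromptStore:
    """Hypothetical in-memory store: redacted text and identifiers kept apart."""
    def __init__(self):
        self.log = {}     # trace_id -> redacted prompt (never the raw prompt)
        self.vault = {}   # trace_id -> identifiers, held as restricted metadata

    def record(self, prompt):
        trace_id = str(uuid.uuid4())
        self.log[trace_id], self.vault[trace_id] = minimize_prompt(prompt)
        return trace_id

    def erase(self, trace_id):
        """Delete everything held for one trace ID; True if anything was removed."""
        removed_log = self.log.pop(trace_id, None) is not None
        removed_vault = self.vault.pop(trace_id, None) is not None
        return removed_log or removed_vault

# Constructed sample prompt (reserved test number, placeholder NI number).
SAMPLE = ("Email jane.doe@example.com or call 07700 900123 about NI number "
          "QQ 12 34 56 C. Reply to jane.doe@example.com.")

if __name__ == "__main__":
    store = PromptStore()
    tid = store.record(SAMPLE)
    print(tid, store.log[tid])
```

Pattern matching only catches identifiers with a recognisable shape; names and free-text details need a separate review step before a prompt is treated as minimized.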
3) Security and Integrity
Apply controls that prevent unauthorized access and reduce leakage risk.
4) Purpose Limitation and Retention
Use personal data only for the specified purpose and define retention windows for prompts, logs, and outputs.
5) Data Subject Rights
Support access, deletion, and correction requests by keeping trace IDs that allow you to locate and remove data when required.
International Transfers
Operational Checklist
- document data flows and processing purposes
- apply least-privilege access controls for operators
- implement retention and deletion policies
- log security events with trace IDs for audits
- review subprocessors and vendor agreements