What It Is

Occupational Safety and Health Administration (OSHA), established by the Occupational Safety and Health Act of 1970, is a U.S. federal regulation enforcing workplace safety. Its primary purpose is assuring safe conditions via standards in 29 CFR Parts 1910-1928. It uses a performance-based approach with the General Duty Clause for uncodified hazards.

Key Components

• Subparts covering walking surfaces, PPE, HazCom, LOTO, toxic substances.
• **Hierarchy of controlselimination, substitution, engineering, administrative, PPE.
• Recordkeeping (OSHA 300/300A/301), inspections, penalties up to $165,514.
• No certification; compliance via enforcement and state plans.

Why Organizations Use It

Mandated for most U.S. employers; reduces injuries, penalties, insurance costs. Enhances reputation, productivity; aligns with ESG. Mitigates legal risks from citations.

Implementation Overview

Phased: gap analysis, written programs (IIPP), training, audits. Applies to general industry, construction; all sizes. Ongoing via inspections, no formal certification.

What It Is

UK General Data Protection Regulation (UK GDPR) is the UK's post-Brexit data protection law, adapting EU GDPR with the Data Protection Act 2018. It is a binding regulation enforcing risk-based accountability for personal data processing by the Information Commissioner's Office (ICO).

Key Components

• Seven core principles: lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, integrity/confidentiality, accountability.
• Individual rights (access, rectification, erasure, portability, objection).
• Controller/processor obligations, DPIAs, breach notifications, lawful bases.
• No certification; compliance via demonstrable records (RoPA), audits.

Why Organizations Use It

• Legal mandate for UK-established or targeting entities.
• Mitigates fines up to 4% global turnover or £17.5M.
• Builds trust, reduces breach risks, enables cross-border operations.

Implementation Overview

• Phased: gap analysis, RoPA, policies, training, DPIAs, vendor contracts.
• Applies to all sizes handling UK personal data; ongoing governance, ICO audits.