Data Protection Act 2018 Summary
This article was last updated in line with the Data Protection Act 2018 in July 2018.
If you or your business handles any sort of personal information about people, it’s crucial for you to comply with the Data Protection Act 2018. This was previously known as the Data Protection Act 1998, but was updated in accordance with GDPR in 2018.
You should know what rules the Act enforces regarding how you obtain, store, share, and use personal data. By following these rules, you’ll ensure your business handles data securely and protects the privacy of your customers and employees.
The Data Protection Act 2018 aims to:
- Facilitate the secure transfer of information within the European Union.
- Prevent people or organisations from holding and using inaccurate information on individuals. This applies to information regarding both private lives or business.
- Give the public confidence about how business’s can use their personal information.
- Provide data subjects with the legal right to check the information businesses hold about them. They can also request for the data controller to destroy it.
- Give data subjects greater control over how data controllers handle their data.
- Place emphasis on accountability. This requires businesses to have processes in place that demonstrate how they’re securely handling data.
- Require firms to keep people’s personal data safe and secure. Data controllers must ensure that it is not misused.
- Require the data user or holder to register with the Information Commissioner.
Who Does the Data Protection Act Apply to?
The Data Protection Act applies to any business or person who uses or holds personal data on individuals within the EU and United Kingdom. Breaches of the legislation are criminal offences and can result in severe penalties.
Following GDPR, the Data Protection Act contains numerous key principles that summarise what data controllers must do to keep data subjects’ information secure. All data-handling businesses must understand and follow these principles, so it’s important to familiarise yourself with them.
The key principles of the Data Protection Act and GDPR are:
- Fair, lawful, and transparent processing.
- Purpose limitation.
- Data minimisation.
- Data retention periods.
- Data security.
Data subjects also have numerous rights under the Data Protection Act, which GDPR strengthened in 2018.
All data subjects have the right to:
- Receive clear information about what you will use their data for.
- Access their own personal information.
- Request for their data to be revised if out of date or erased. These are known as the right to rectification and the right to erasure
- Request information about the reasoning behind any automated decisions, such as if computer software denies them access to a loan.
- Prevent or query about the automated processing of their personal data.
If you receive an access or erasure request from a data subject, you must respond within a month. It’s your responsibility to ensure you can securely access, amend, and destroy this data where necessary.