Data Protection Act Summary

January 30, 2014

If you or your business handles any sort of personal information, then data protection is an incredibly important issue. How you obtain, store, share and use information is critical, and the Data Protection Act was created to provide rules for what you can and can’t do.


The Data Protection Act 1998 aims to:

  • Facilitate the transfer of information within the European Union.
  • Prevent people or organisations from holding and using inaccurate information on individuals, whether this information relates to private lives or business.
  • Give the public confidence about the use of their personal information and to ensure that they have the legal right to check the information being held about them.
  • Require firms to keep people’s personal data safe and secure and to ensure that it is not misused.
  • Require the data user or holder to register with the Information Commissioner.

Who Does the Data Protection Act Apply to?

The Data Protection Act applies to any business or person who uses or holds personal data on individuals. Breaches of the legislation are criminal offences and can result in severe penalties.

The Data Protection Act is made up of eight essential principles that all data-handling businesses must adhere to. The eight principles of the Data Protection Act 1998 are:

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes.
  3. Personal data shall be adequate, relevant and not excessive.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data must be processed in accordance with the rights of the individual.
  7. Personal data must be kept secure in order to prevent loss or unauthorised disclosure.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area.

Data subjects also have rights under the Data Protection Act. Data subjects have the right to:

  • Access their own personal information.
  • Request information about the reasoning behind any automated decisions, such as if computer software denies them access to a loan.
  • Give written notice requesting businesses or individuals to not make any automated decisions using their personal data.

If you have received a subject access request from a data subject, then you must respond within 40 calendar days of receiving it.
