The Data Protection Act
This sets out rules for collecting, storing and processing personal data.
Personal data relates to living, identifiable individuals.
The Act first became law in 1984 and was updated in 1988.
- The rules that data controllers (people who store and process personal data) must follow;
- The rights of data subjects (the individuals that the data is about);
- The exemptions that exist to the Act
Rules that data controllers must follow
Eight principles of ‘good information handling’ – data must be:
- processed fairly and lawfully;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate;
- not kept longer than necessary;
- processed in accordance with the data subject's rights;
- kept secure;
- not transferred to countries without adequate protection.
Rights of data subjects
Data subjects can normally see all of the data held about them, with some exceptions, for example if it would affect:
- The way crime is detected or prevented
- Catching or prosecuting offenders
- Assessing or collecting taxes or duty
- The right to see certain health and social work details may also be limited
The data subject is required to write a letter asking for a copy of the data held about them.
Data controllers should reply within 40 days, provided that proof of identity and the fee have been supplied.
Exemptions to the Act
Exemptions are possible for:
- Maintenance of a public register;
- Some not-for-profit organisations;
- Processing personal data for personal, family or household affairs (including recreational purposes);
- If you only process personal data for
The Data Protection Commissioner
An independent officer appointed by the Queen.
Reports directly to Parliament.
- Maintaining a register of the names and addresses of all data controllers;
- Considering complaints from data subjects about data controllers who have not followed the principles of information handling and prosecuting or serving notices on offenders.