The Data Protection Act

An Introduction to The Data Protection Act

The Data Protection Act is an piece of UK legislation to protect and support the privacy and protection of data of living individuals in the UK. It applies restrictions on organisations which collect or hold data which can identify a living person. It has been mirrored across many other countires and territories.

The act was originally published in 1984. However, in 1998 it was significantly extended, as an implementation of European Union Directive 95/46/EC. One aspect of this was a beefing up of the authority of the Data Protection Commissioner (an independent official appointed by the Crown, who reports annually to the UK Parliament).

The Eight Data Protection Principles (principles of the act) are that personal data must be:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in situ.


The implications of these principles for IT are significant and obvious.



Posted by the Editor: 2007 | |

Search

Drivers

Frameworks

Sources

Contact

About Us

  • This is a relatively new initiative, intended to define the many frameworks and methods associated with technology and IT.

    Our objective is to provide definitions, information, news and other materials to support professionals in these often complex fields. We are also open to input and do accept contributions. If you wish to participate, please contact us via the link above.

Powered by W3 Journal