The Data Protection Act 1998 is a piece of legislation designed to safeguard details relating to living people.
It controls what organisations are allowed to find out about you, limits how they store and process this knowledge, and gives you the right to inspect your details and to correct them if they are wrong.
Data Protection Principles
The Data Protection Act sets out eight principles that form its basis. In basic terms, these principles are as follows, each relating to personal data:
It shall be processed in a fair way.
The purpose for which it was obtained shall be specified, and it shall not be processed for some other purpose.
It shall be adequate and relevant, and not excessive for its purpose.
It shall be accurate and kept up to date.
It shall not be kept for longer than is necessary.
Subjects have the right to access and correct what is held about them.
Appropriate technical and organisational measures shall be put in place to protect it.
It shall not be transferred to a country outside the European Economic Area unless that country has adequate laws of its own.
What Is Personal Data?
The protection principles apply to personal data. So, what is it?
In short, it is anything that can be used to identify a living person. This includes both information directly stored with an individual’s credentials, and more loosely bound records that could be matched up with an individual by subsequent processing.
Such personal data includes, but is not limited to, the following:
dates of birth
Except for some specific exceptions, the Act relates to records held on computers.
Under this legislation, you have the following rights:
to gain access to computerised records about you and to some manual records
to correct, block, remove or destroy inaccurate records
to ask a data controller not to process information if that processing could cause you “substantial unwarranted damage or distress” (although they are not always bound to comply with such requests)
to request that your details not be used for unsolicited direct marketing
to object to automatic decisions made without human involvement and based on your data
to ask the Information Commissioner’s Office to investigate a perceived breach, and the right to claim compensation for damage, and possibly distress, if one is found to have taken place
Applications of the Act in your Workplace
There are two main reasons why you should make sure you understand the basics of this law. First, it applies directly to you. Your employer holds information about you, and it is in your own interests to ensure that they are complying with this legislation. This will ensure that the data they hold on you is not excessive, but is correct and is kept confidential. A second consideration is that if you are handling other people’s records you have a responsibility to treat their privacy with respect, and to comply with this law. By doing this, you keep your company’s customers happy and protect yourself and your employer from the threat of legal action.
@Zoe - no - it's not illegal for your employer to want to keep a record of what you buy in-house. Regards- Chas.
CharlieL - 20-Mar-17 @ 11:28 AM
My manager has started taking a copy of our store purchases, writing our name on them and storing them in new named files in his office. I dont even keep a records of what i send.I dont shares my purchase history with even my husband.Is this legal.
Zoe - 19-Mar-17 @ 4:16 AM
I have just discovered that a new system has been installed in my place of work which contains all of my personal information from previous name and dob,address,phone number,marital status and partners name,the name of my children and my qualifications and also my NI number. (Amongst photo and other things). This information is available for every other employee to view from their own dashboard and is the case for all of us, there are 70 + staff...is this legal and more to the point, is it safe???
I really could do with some advice on this one please.
Fifi - 7-Sep-16 @ 11:02 PM
I have been with a company for 1 year my birth certificate in a envelope was handed to my manager, he then handed it to my supervisor who thought would be ok to check it which he thought be funny to write my address down, then nickname me by my middle name which stuck around site and I think it's a breach of privacy and trust?
rocket - 24-Aug-16 @ 9:38 PM
my line manager wants us to put our full names including surname on a public board to show who is duty admin that week. The public don't really need to know who the duty admin as this doesn't really affect them int he work.I am happy for my first name but not surname. It is not common and we deal with not so safe people (SOPO or Mental Health) some time and I have my young family to look after. Do I have a right to refuse my surname being shown in public
shab - 22-Aug-16 @ 10:46 AM
Hi my employer is changed the customers receipt and this now shows my first name are they allowed to do this jam not happy about it
Thanks in advance
Jan - 2-Jul-15 @ 7:17 PM
my date of birth has just been circulated around the office by our HR Department; surely this is a breach of data protection?
Noddyflop - 27-May-15 @ 11:02 AM
a potential employer ,gave me a job and said upon receipt of my crb check would commence employment upon receipt of said document I took it to her 2 days later I received the news I did not have the position, this potential employer has said she shredded my crb certificateon speaking with the crbissuerer, have been told she should not have destroyed my certificate she has become agitated that I am following this line of inquirey what are my rights I have no proof that this is what she has done
pocket - 26-Feb-14 @ 11:36 PM
My line manager has opened my work draw and taken out and copied personal information from an envelope clearly marked private and confidential.he has then quizzed me on the information in a public place.Thanks.
akkers - 24-Apr-12 @ 10:14 AM
my date of birth has just been circulated around the office; surely this is a breach of confidence.