Home > Privacy Law > Introduction to the Data Protection Act

Introduction to the Data Protection Act

By: Matthew Strawbridge - Updated: 21 Jan 2021 | comments*Discuss
 
Data Protection Act Personal Information

The Data Protection Act 1998 is a piece of legislation designed to safeguard details relating to living people.

It controls what organisations are allowed to find out about you, limits how they store and process this knowledge, and gives you the right to inspect your details and to correct them if they are wrong.

Data Protection Principles

The Data Protection Act sets out eight principles that form its basis. In basic terms, these principles are as follows, each relating to personal data:

  • It shall be processed in a fair way.
  • The purpose for which it was obtained shall be specified, and it shall not be processed for some other purpose.
  • It shall be adequate and relevant, and not excessive for its purpose.
  • It shall be accurate and kept up to date.
  • It shall not be kept for longer than is necessary.
  • Subjects have the right to access and correct what is held about them.
  • Appropriate technical and organisational measures shall be put in place to protect it.
  • It shall not be transferred to a country outside the European Economic Area unless that country has adequate laws of its own.

What Is Personal Data?

The protection principles apply to personal data. So, what is it?

In short, it is anything that can be used to identify a living person. This includes both information directly stored with an individual’s credentials, and more loosely bound records that could be matched up with an individual by subsequent processing.

Such personal data includes, but is not limited to, the following:

  • names
  • addresses
  • dates of birth
  • telephone numbers
  • email addresses
  • religion
  • race
  • political allegiance
  • medical history

Except for some specific exceptions, the Act relates to records held on computers.

Your Rights

Under this legislation, you have the following rights:

  • to gain access to computerised records about you and to some manual records
  • to correct, block, remove or destroy inaccurate records
  • to ask a data controller not to process information if that processing could cause you “substantial unwarranted damage or distress” (although they are not always bound to comply with such requests)
  • to request that your details not be used for unsolicited direct marketing
  • to object to automatic decisions made without human involvement and based on your data
  • to ask the Information Commissioner’s Office to investigate a perceived breach, and the right to claim compensation for damage, and possibly distress, if one is found to have taken place

Applications of the Act in your Workplace

There are two main reasons why you should make sure you understand the basics of this law. First, it applies directly to you. Your employer holds information about you, and it is in your own interests to ensure that they are complying with this legislation. This will ensure that the data they hold on you is not excessive, but is correct and is kept confidential. A second consideration is that if you are handling other people’s records you have a responsibility to treat their privacy with respect, and to comply with this law. By doing this, you keep your company’s customers happy and protect yourself and your employer from the threat of legal action.

*The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed. It places a range of new obligations on organisations to be more accountable for data protection.

Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.

Previous Page
Next Page
You might also like...
Share Your Story, Join the Discussion or Seek Advice..
[Add a Comment]
Does my manager have the right to share my personal mobile number with a director without my permission?
MB - 21-Jan-21 @ 6:56 AM
A team member shared I was having the vaccine with her family and friends - is this a GDPR breach?
MH - 11-Jan-21 @ 1:27 PM
On two occasions recently my employer has given a fellow employee, my address to hand deliver letters to me is this legal? As I’m concerned they are giving out my address without my permission.
Eddie - 11-Dec-20 @ 6:17 PM
Hi there, I was off due to an illness and my employer was telling everyone down where we take our vans to get repaired about how and why I was off sic....is this a breach in data protection or not
Rich007 - 3-Dec-20 @ 1:41 PM
Is it legal for your manager to carry your details ie wage slips on their phone or is it a breach also I'm not being given wage slips he is keeping them unable to check pay etc is right
H - 2-Oct-20 @ 7:11 AM
Previously my wage slips were available through Xero and is password protected.I have left this job and he has sent my payslips along with my P45 via email and copied a member of his family and a co worker who is not a Director.As you can imagine my DOB, address N.I. Is that appropriate under GDPR
Jayne - 4-Sep-20 @ 7:12 AM
Can a agency consultant share information given by the temp worker {email} to the employer either verbally or by email...
Pauline - 14-Jul-20 @ 10:07 AM
Hello On my eife work place Som one ar send privet personal information to somone Wat shuld we do now..
Misiek - 25-Jun-20 @ 7:11 PM
My ex employer told my ood colleagues that they had not passed my probation and had let me go, is this allowed? I feel humiliated and angry that they have discussed what should have been a personal and private discussion with my old colleagues. Is this allowed? My boss also sent my personal mobile number to my colleagues without my consent prior to letting me go, is this allowed?
KA - 22-May-20 @ 10:24 AM
Does my line manager have the right to share my mobile number with other staff without my permission?
Mhystie26 - 25-Mar-20 @ 5:01 PM
I have recently had to take time off work because of personal reasons, and think my boss has explained to customers why I was off and for how long for. I feel like he or any of my colleagues should be talking about my personal circumstances with the general public.
HB - 23-Jan-20 @ 4:33 PM
I work in retail premises a work colleague spotted a diary on a shelf on shop floor he handed it to me thinking it was mine as he read a medical certificate that was in it (a fit for work note I presented to my manager about a month ago) I was absolutely horrified as it had my personal details as well as medical complaint on it .I approached my boss said I wasnt happy with his negligence said it breached my data protectionbut he just took it and placed it in a file in safe Should he still have this on premises after a month and is this a breach of my rights ?
Aridon - 7-Jan-20 @ 7:22 PM
My employer has repeatedly given out my personal phone number to customers etc, despite me having said several times i do not want my personal mobile number given out. Is this a breach of the data protection act? And, what if any action can i take against my employer
C - 7-Dec-19 @ 10:18 AM
At my work place our absence/holiday request forms are stored in a clear polypocket stuck on the wall by the manager's desk. Our overtime record sheets are stored in the same way. Is this acceptable HR?
MA - 17-Oct-19 @ 9:57 PM
At my workplace we have a folder with names and phone numbers in which is only meant to be used to contact people while we are at work for work purposes and it says do not copy or photo copy it is part of data protection, but a staff member took a photo of this and shared it on a group chat with other work colleges and she only got a warning for this, surly she should have got the sack and could I take this further as I didn’t want my phone number shared in this way.
Elaine1 - 3-Sep-19 @ 11:18 AM
I pressed 'i do not consent' to my exit interview being shared, but HR have shared it with management in my office who are now giving me the cold shoulder - is this legal?
EO - 16-Jul-19 @ 5:14 PM
I asked last week if my boss could help me with a personal loan or a loan from the company of £7000, this was for me and my partner to help us get on the property ladder.This discussion was in private and confidential. Today he was angry with other employees and blurted out in front of other employees that if I or other employees keep wasting money running vehicles around empty there was no way he could give me the £7000 I asked to borrow.Even tho in private last week he said there was nothing he could do to help. It was private information that my co-works now know about which shouldn’t have happened.Where do I stand?
Poohbear - 25-Jun-19 @ 9:24 AM
My ex employer has posted my P45 to another ex employee she didn’t work at the same home as me but had contacted me to say she has half my p45 containing all my personal details
N/A - 3-Jun-19 @ 11:36 AM
Is it right for a senior or leader to give you're number to a member of staff without your permission
alidowell - 24-May-19 @ 8:45 PM
The account for employees' wages is set up as a customer account on the computer and anyone processing invoices has access to everyone's wage history/payments. Is this legal, acceptable, or an infringement on employee privacy rights?
Jeff J - 29-Mar-19 @ 6:00 PM
My current employer has issued my national insurance number on another employees payslip for 3 continuous months, and a letter was sent to the same employee from the hmrc in my name notifying them of future tax channges for the coming year, the same employee whilst trying to register for a company benefit couldn't register his employee account as it was stating they had the incorrect d.o.b, low and behold it was my d.o.b they needed to enter to gain access. These 3 soerate incidents happened over a 5 month period where neither incident was brought to my attention by my employer, I've had no apology or advice on how this happened and what's being done to rectify this breach. I've made a complaint to my hr team over a week ago and I personally still haven't had any correspondence from them other than an automated email saying they'll be in touch within 72 hours, they've contacted my operations manager but not myself. I'm very annoyed that this has happened and they've not apologised or seemingly fulfilled they're duty to notify me, what should I do? And are these grounds to make a compensation claim against my employer for not safeguarding my personal data and causing undue stress?
Nj - 19-Feb-19 @ 10:33 PM
I have just moved to a new property within the space of a week my ex employer has sent me a letter looking for payment from an overpaymebt, but I can't understand how they got my address it make another sense, I am not on the electoral roll at my address as I have just moved in. One of my ex employees used to stay in this property what are my rights ?
Cal - 11-Jan-19 @ 1:15 PM
My employer has released my personal data in a mass email. To say that I'm upset is an understatement. What are my legal rights ? do I have any ? am I entitled to compensation ? You advice would be much appreciated.
Hubert - 25-Sep-18 @ 11:54 AM
@Teamtrave - it's unlikely anything will happen or that the other person is going to sell your number. But it is something you should speak to your company about.
DNN - 3-Sep-18 @ 9:48 AM
My employer/pensions dept has sent me another persons pension statement but has also sent that person mines - We have the same name. However this means my national insurance number, date of birth, pension contributions and salary are on the document which really worries me.
Teamtrave - 1-Sep-18 @ 10:05 PM
@HannaaLucie - if there was a work/police incident then your employer has every right to contact you or pass your number to the police.
KateV - 17-Aug-18 @ 9:45 AM
I have recently left a job, I have been left about 6 weeks. Today my previous employer rang the police regarding an incident with my partner who also worked there and gave the police my phone number. Is this a breach of privacy as I have been left 6 weeks and they have no reason to have my records still or pass them on to the police.
HannaaLucie - 3-Aug-18 @ 7:05 PM
I have had issues with work (a manager specifically, who I raised a greivance on, and have just come through that procedure) that have had a knock on effect to my health, in turn, affecting my work... Due to the health issues, I was asked to attend a session with an occupational Dr, which I did. When he sent me his report on me to look over & confirm I was happy for him to send it on. I specifically gave permission for him to send it to my HR Rep. I then also sent it to the HR Rep labelled Private & Confidential. I have not given any further permissions for this document to be shared, yet the manager who I raised the grievance on, has infirmed me that he has read this report. Is this not a GDPR breach?
MeOldChina - 26-Jul-18 @ 3:44 AM
Kat - Your Question:
My employer has my full name printed on till receipts given out to the pubic. I’ve had men contact me through personal social media because of this. Is this a breach of my person data?
Our Response:
If you do not wish your full name to be given out, then you should request that your employer no longer does this. If your employer does not take your query on board, please see link here.
EmployeePrivacyRights - 23-Jul-18 @ 3:39 PM
My employer has my full name printed on till receipts given out to the pubic. I’ve had men contact me through personal social media because of this. Is this a breach of my person data?
Kat - 21-Jul-18 @ 2:31 PM
Share Your Story, Join the Discussion or Seek Advice...
Title:
(never shown)
Firstname:
(never shown)
Surname:
(never shown)
Email:
(never shown)
Nickname:
(shown)
Comment:
Validate:
Enter word:
Latest Comments