Home > Privacy Law > Introduction to the Data Protection Act

Introduction to the Data Protection Act

By: Matthew Strawbridge - Updated: 11 Jan 2019 | comments*Discuss
 
Data Protection Act Personal Information

The Data Protection Act 1998 is a piece of legislation designed to safeguard details relating to living people.

It controls what organisations are allowed to find out about you, limits how they store and process this knowledge, and gives you the right to inspect your details and to correct them if they are wrong.

Data Protection Principles

The Data Protection Act sets out eight principles that form its basis. In basic terms, these principles are as follows, each relating to personal data:

  • It shall be processed in a fair way.
  • The purpose for which it was obtained shall be specified, and it shall not be processed for some other purpose.
  • It shall be adequate and relevant, and not excessive for its purpose.
  • It shall be accurate and kept up to date.
  • It shall not be kept for longer than is necessary.
  • Subjects have the right to access and correct what is held about them.
  • Appropriate technical and organisational measures shall be put in place to protect it.
  • It shall not be transferred to a country outside the European Economic Area unless that country has adequate laws of its own.

What Is Personal Data?

The protection principles apply to personal data. So, what is it?

In short, it is anything that can be used to identify a living person. This includes both information directly stored with an individual’s credentials, and more loosely bound records that could be matched up with an individual by subsequent processing.

Such personal data includes, but is not limited to, the following:

  • names
  • addresses
  • dates of birth
  • telephone numbers
  • email addresses
  • religion
  • race
  • political allegiance
  • medical history

Except for some specific exceptions, the Act relates to records held on computers.

Your Rights

Under this legislation, you have the following rights:

  • to gain access to computerised records about you and to some manual records
  • to correct, block, remove or destroy inaccurate records
  • to ask a data controller not to process information if that processing could cause you “substantial unwarranted damage or distress” (although they are not always bound to comply with such requests)
  • to request that your details not be used for unsolicited direct marketing
  • to object to automatic decisions made without human involvement and based on your data
  • to ask the Information Commissioner’s Office to investigate a perceived breach, and the right to claim compensation for damage, and possibly distress, if one is found to have taken place

Applications of the Act in your Workplace

There are two main reasons why you should make sure you understand the basics of this law. First, it applies directly to you. Your employer holds information about you, and it is in your own interests to ensure that they are complying with this legislation. This will ensure that the data they hold on you is not excessive, but is correct and is kept confidential. A second consideration is that if you are handling other people’s records you have a responsibility to treat their privacy with respect, and to comply with this law. By doing this, you keep your company’s customers happy and protect yourself and your employer from the threat of legal action.

*The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed. It places a range of new obligations on organisations to be more accountable for data protection.

Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.

Previous Page
Next Page
You might also like...
Share Your Story, Join the Discussion or Seek Advice..
[Add a Comment]
I have just moved to a new property within the space of a week my ex employer has sent me a letter looking for payment from an overpaymebt, but I can't understand how they got my address it make another sense, I am not on the electoral roll at my address as I have just moved in. One of my ex employees used to stay in this property what are my rights ?
Cal - 11-Jan-19 @ 1:15 PM
My employer has released my personal data in a mass email. To say that I'm upset is an understatement. What are my legal rights ? do I have any ? am I entitled to compensation ? You advice would be much appreciated.
Hubert - 25-Sep-18 @ 11:54 AM
@Teamtrave - it's unlikely anything will happen or that the other person is going to sell your number. But it is something you should speak to your company about.
DNN - 3-Sep-18 @ 9:48 AM
My employer/pensions dept has sent me another persons pension statement but has also sent that person mines - We have the same name. However this means my national insurance number, date of birth, pension contributions and salary are on the document which really worries me.
Teamtrave - 1-Sep-18 @ 10:05 PM
@HannaaLucie - if there was a work/police incident then your employer has every right to contact you or pass your number to the police.
KateV - 17-Aug-18 @ 9:45 AM
I have recently left a job, I have been left about 6 weeks. Today my previous employer rang the police regarding an incident with my partner who also worked there and gave the police my phone number. Is this a breach of privacy as I have been left 6 weeks and they have no reason to have my records still or pass them on to the police.
HannaaLucie - 3-Aug-18 @ 7:05 PM
I have had issues with work (a manager specifically, who I raised a greivance on, and have just come through that procedure) that have had a knock on effect to my health, in turn, affecting my work... Due to the health issues, I was asked to attend a session with an occupational Dr, which I did. When he sent me his report on me to look over & confirm I was happy for him to send it on. I specifically gave permission for him to send it to my HR Rep. I then also sent it to the HR Rep labelled Private & Confidential. I have not given any further permissions for this document to be shared, yet the manager who I raised the grievance on, has infirmed me that he has read this report. Is this not a GDPR breach?
MeOldChina - 26-Jul-18 @ 3:44 AM
Kat - Your Question:
My employer has my full name printed on till receipts given out to the pubic. I’ve had men contact me through personal social media because of this. Is this a breach of my person data?
Our Response:
If you do not wish your full name to be given out, then you should request that your employer no longer does this. If your employer does not take your query on board, please see link here.
EmployeePrivacyRights - 23-Jul-18 @ 3:39 PM
My employer has my full name printed on till receipts given out to the pubic. I’ve had men contact me through personal social media because of this. Is this a breach of my person data?
Kat - 21-Jul-18 @ 2:31 PM
An old employer ( over 4 years ago) gave a complete stranger my place of work resulting in a phone call to my employer regarding something unrelated to my job - is that a breach of gdpr?
Speeds - 4-Jul-18 @ 8:46 PM
@Enam - if you think security is not tight enough I'd complain or write to them directly. It's usually the other way around these days - we have so many passwords or security questions we can't remember them.
HaB - 18-Jun-18 @ 10:37 AM
Three have a live chat where they only ask for name, post code and date of birth. Any close friends or family members easily have access to these details which means they can easily access my account without my consent. By law, are the questions they ask sufficient or do they need to tighten up the security with more questions?
Enam - 16-Jun-18 @ 8:11 PM
Hi there. I left my employer 2 weeks ago and they have sent out various correspondence to me regarding final salary etc I have been contacted by another ex employee who has had a letter addressed to me, posted to him.Luckily he has my mobile number to tell me. This has caused me distress since he called. I don't want others knowing my reasons for leaving. Is this a gdpr breach? What should I do. Thanks
Murkym - 15-Jun-18 @ 1:26 PM
My ex employer has given out my home address to a solicitors re: contacting me about an employment tribunal...I made a witness statement last year when I still worked for the company, but left at the start of the year. Should they have done this without my consent?
Unsureaboutdataprote - 24-May-18 @ 8:02 PM
@Danc - you would have to write to them. How come you have access to your old online portal anyway?
Bri - 22-May-18 @ 12:42 PM
My ex employer(a company which has over 1000 stores) are logging onto my old online portal at work which has all my information on there from all my old pay slips to bank account numbers, sort codes,mobile number,address etc. Is this legal?
Danc - 21-May-18 @ 9:53 PM
My company is repeatedly giving out my mobile number to clients.The phone is personal, not work, bought out-right by me and on payg. Is what they are doing legal?
Meemme - 7-May-18 @ 12:20 PM
Returned to work after long term sick leave (6 months). Told I couldn't return by employer when I arrived back. I wouldn't leave without written evidence as to why he wasn't allowing me back. He called police to have me removed for trespassing. Employer disclosed all my medical conditions and medical history with police without consent from me. No crime as it was a civil matter, they just come along to ask me to leave. Should he have disclosed all information as no crime committed.
K - 27-Apr-18 @ 1:24 PM
@Scous- if your illness is affecting your ability to work, then as a company it has to be discussed.
Darcey - 26-Apr-18 @ 3:59 PM
I have MS and asked my line manager for some adjustments. He took my request to a resource meeting were he discussed my condition with other employees. He told me he was taking my request to a meeting but didn’t get consent off me to discuss my condition... has he breached data protection? Thanks
Scous - 25-Apr-18 @ 11:21 PM
I purchased tickets online to a large concert event.The event date changed and I elected to request a full refund.I am being asked to provide my Date of Birth along with other details.Is this legal?
Ferdy - 24-Apr-18 @ 5:47 PM
I recently received a complaint at work (which was not upheld) however a senior manager whilst speaking to another member of staff told them of this complaint and mentioned my name when giving details of this. Is this a clear breach of data protection? Thanks
Doc7 - 20-Mar-18 @ 8:32 PM
i had an attachment of earnings on my wage. she left the letter on her desk so all the staff could read it. also when she didnt pay my attachment the bailiffs came to work regarding it. she then called all the staff in and made tell all the staff it was because of my attachment of earnings and the bailiff had nothing to do with her. what can i do as she is always leaving staff info laying about
mad jo.b - 19-Mar-18 @ 3:33 PM
Nhya91 - Your Question:
I have recently applied for a job and I had to fill in some tests. I've got rejected. Only feedback I've received is a report saying I need to improve my logical reasoning skills, my numerical skills are one of my skills and some other interpretations of my results. The question is, can I ask for the results? I would like to see where I have failed but the company refuses to share that information with me. Is there anything I can do about?
Our Response:
The company does not have to share this information with you, nor is it compulsary for the company to issue any feedback. There is nothing stopping you in asking for the results. At the same time please be aware the company may feel it has done enough in complying with your initial requests.
EmployeePrivacyRights - 16-Mar-18 @ 10:24 AM
I have recently applied for a job and I had to fill in some tests. I've got rejected. Only feedback I've received is a report saying I need to improve my logical reasoning skills, my numerical skills are one of my skills and some other interpretations of my results. The question is, can I ask for the results? I would like to see where I have failed but the company refuses to share that information with me. Is there anything I can do about?
Nhya91 - 15-Mar-18 @ 4:09 PM
Invoices addressed to the manager who ordered name badges showing every staff members' first and family names were not put in confidential waste but ended up in recycling. Has a breach of data protection occurred? My employers have not told the staff that this has happened; should they? Am I able to insist on an apology?
Adviceseeker - 28-Feb-18 @ 12:05 AM
It has come to my attention that my manager has sent emails to her colleague about me which are rude and describe me using language including swear words and about my apparently non-managerial behaviour which has never been discussed with me let alone ever been highlighted to me or any of my team members that there was infact a problem.What I want would like to know is am I entitled to ask for a copy if the personnel emails about me under the data protection act?
Jillpen - 25-Feb-18 @ 4:52 PM
At end of year accounts wages are shown at a total 1member wants everyone wages put down individual president of the club is going round staff and committee asking them what there salary is surely this is against data protection law staff do not agree with him doing this
Bud - 24-Jan-18 @ 11:20 PM
Hatterz- Your Question:
I work in logistics for a main stream brand delivering furniture to customers home address. And recently our employer has been sending our full first and surname to customers where before it was only our first names. I don’t feel comfortable with this as with the likes of social media if a customer wasn’t happy for any reason can now hunt you down I and the rest of my colleagues feel this is a breach of our own data protection is this the case ?
Our Response:
You would have to attempt to discuss this with your employer directly.
EmployeePrivacyRights - 30-Nov-17 @ 3:22 PM
I work in logistics for a main stream brand delivering furniture to customers home address. And recently our employer has been sending our full first and surname to customers where before it was only our first names. I don’t feel comfortable with this as with the likes of social media if a customer wasn’t happy for any reason can now hunt you down I and the rest of my colleagues feel this is a breach of our own data protection is this the case ?
Hatterz - 28-Nov-17 @ 11:18 PM
Share Your Story, Join the Discussion or Seek Advice...
Title:
(never shown)
Firstname:
(never shown)
Surname:
(never shown)
Email:
(never shown)
Nickname:
(shown)
Comment:
Validate:
Enter word:
Latest Comments