Introduction to the Data Protection Act

The Data Protection Act 1998 is a piece of legislation designed to safeguard details relating to living people.

It controls what organisations are allowed to find out about you, limits how they store and process this knowledge, and gives you the right to inspect your details and to correct them if they are wrong.

Data Protection Principles

The Data Protection Act sets out eight principles that form its basis. In basic terms, these principles are as follows, each relating to personal data:

• It shall be processed in a fair way.
• The purpose for which it was obtained shall be specified, and it shall not be processed for some other purpose.
• It shall be adequate and relevant, and not excessive for its purpose.
• It shall be accurate and kept up to date.
• It shall not be kept for longer than is necessary.
• Subjects have the right to access and correct what is held about them.
• Appropriate technical and organisational measures shall be put in place to protect it.
• It shall not be transferred to a country outside the European Economic Area unless that country has adequate laws of its own.

What Is Personal Data?

The protection principles apply to personal data. So, what is it?

In short, it is anything that can be used to identify a living person. This includes both information directly stored with an individual’s credentials, and more loosely bound records that could be matched up with an individual by subsequent processing.

Such personal data includes, but is not limited to, the following:

• names
• addresses
• dates of birth
• telephone numbers
• email addresses
• religion
• race
• political allegiance
• medical history

Except for some specific exceptions, the Act relates to records held on computers.

Your Rights

Under this legislation, you have the following rights:

• to gain access to computerised records about you and to some manual records
• to correct, block, remove or destroy inaccurate records
• to ask a data controller not to process information if that processing could cause you “substantial unwarranted damage or distress” (although they are not always bound to comply with such requests)
• to request that your details not be used for unsolicited direct marketing
• to object to automatic decisions made without human involvement and based on your data
• to ask the Information Commissioner’s Office to investigate a perceived breach, and the right to claim compensation for damage, and possibly distress, if one is found to have taken place

Applications of the Act in your Workplace

There are two main reasons why you should make sure you understand the basics of this law. First, it applies directly to you. Your employer holds information about you, and it is in your own interests to ensure that they are complying with this legislation. This will ensure that the data they hold on you is not excessive, but is correct and is kept confidential. A second consideration is that if you are handling other people’s records you have a responsibility to treat their privacy with respect, and to comply with this law. By doing this, you keep your company’s customers happy and protect yourself and your employer from the threat of legal action.