Introduction to the Data Protection Act

Author: Matthew Strawbridge

The Data Protection Act 1998 is a piece of legislation designed to safeguard details relating to living people. It controls what organisations are allowed to find out about you, limits how they store and process this knowledge, and gives you the right to inspect your details and to correct them if they are wrong.

Data Protection Principles

The Data Protection Act sets out eight principles that form its basis. In basic terms, these principles are as follows, each relating to personal data:

It shall be processed in a fair way.
The purpose for which it was obtained shall be specified, and it shall not be processed for some other purpose.
It shall be adequate and relevant, and not excessive for its purpose.
It shall be accurate and kept up to date.
It shall not be kept for longer than is necessary.
Subjects have the right to access and correct what is held about them.
Appropriate technical and organisational measures shall be put in place to protect it.
It shall not be transferred to a country outside the European Economic Area unless that country has adequate laws of its own.

What Is Personal Data?

The protection principles apply to personal data. So, what is it?

In short, it is anything that can be used to identify a living person. This includes both information directly stored with an individual’s credentials, and more loosely bound records that could be matched up with an individual by subsequent processing.

Such personal data includes, but is not limited to, the following:

names
addresses
dates of birth
telephone numbers
email addresses
religion
race
political allegiance
medical history

Except for some specific exceptions, the Act relates to records held on computers.

Your Rights

Under this legislation, you have the following rights:

to gain access to computerised records about you and to some manual records
to correct, block, remove or destroy inaccurate records
to ask a data controller not to process information if that processing could cause you “substantial unwarranted damage or distress” (although they are not always bound to comply with such requests)
to request that your details not be used for unsolicited direct marketing
to object to automatic decisions made without human involvement and based on your data
to ask the Information Commissioner’s Office to investigate a perceived breach, and the right to claim compensation for damage, and possibly distress, if one is found to have taken place

Applications of the Act in your Workplace

There are two main reasons why you should make sure you understand the basics of this law. First, it applies directly to you. Your employer holds information about you, and it is in your own interests to ensure that they are complying with this legislation. This will ensure that the data they hold on you is not excessive, but is correct and is kept confidential. A second consideration is that if you are handling other people’s records you have a responsibility to treat their privacy with respect, and to comply with this law. By doing this, you keep your company’s customers happy and protect yourself and your employer from the threat of legal action.

*The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed. It places a range of new obligations on organisations to be more accountable for data protection.

Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.

77 Comments

Ask a Question or Comment

L 20 Mar 2024

I have an altercation with someone at work and it has gone to a disciplinary hearing and I’ve received a case file and it has letters that the person I had an altercation with had received with their address on that means they now have my address they would’ve received the same file is this against the data protection act considering there was an aggressive altercation ?

Chris 20 Feb 2024

My manager gave my personal phone number to somebody outside of the company. Is this allowed?

SRM95 10 Sep 2021

My work place changed locks after I left the building yesterday (I open the building and was the only one on that shift that week). I received phone calls and text messages from my work out with working hours telling me to come collect the new key. I was busy so couldn’t. When asked where they got my mobile number (personal) they informed me that they got this off the Track and Trace information provided by myself. I came in this morning (there is another way of getting into the building that avoids the door with the new lock). A couple of hours later the building manager comes in and asks me if I got the key. I asked her what she was talking about and she informed me that a member of staff got my address and was coming to my door to give me the key. I have since found out they phoned my line manager who willingly gave them my address (which luckily turned out to be incorrect) without my permission but informed them that she would contact me. I had no attempt of contact from my manager yesterday to tell me this. Where do I stand with this? I am an extremely private person who has had to create boundaries with my work previous but now both my number and address have been used by people I do not know. Help!

Mikki 29 May 2021

I resigned from my post and on my last day, my manager was off so he gave access to my data to his subordinates who also had a manager title. Can managers give access of another employee to another subordinate just because they also have the manager title ? Does this constitute a breach of data.

Dav 5 May 2021

My work has given my address out to another work colleague to hand deliver letters on a couple of occasions and a colleague knocked on my door and then delivered the same letter.

Churchill 28 Mar 2021

A colleague invited me to read (but I declined) another colleagues personal file which had been left in a box in archives. A room freely accessed for numerous reasons e.g resources etc. This person left the company at Christmas and I am still in touch with him. Surely his private data is not for public viewing ? I was disgusted as the person reading it disclosed sensitive information. Now I am stuck what to do.The manager gave her permission to read it but surely this is not allowed.

Angelina Gibson 23 Feb 2021

Is my employer able to force me to wear a name badge displaying my full name? I feel it’s too much personal identifying information

Mel 12 Feb 2021

A friend in a call centre is concerned as the new manager has started emailing weekly stats which show all her teammates toilet break times, call times etc as she feels this is none of her business. Is this a breach of GDPR? (Thinking if people are unwell and suddenly use the toilet more / menstruating / pregnant etc)

Steve 9 Feb 2021

Hi there, Can my employer share my address with a line manager as I have had a line manger come to my house to call me into work as I’m flexi furlough and my mobile was switched off does this breach GDPR

NC43 27 Jan 2021

My HR manger gave another employee my personal mobile number is this alowed, against GDPR?

GB 25 Jan 2021

At college in the nursery I work in has recently given a parent of a child I care for my personal home address, is this right?

MB 21 Jan 2021

Does my manager have the right to share my personal mobile number with a director without my permission?

MH 11 Jan 2021

A team member shared I was having the vaccine with her family and friends - is this a GDPR breach?

Eddie 11 Dec 2020

On two occasions recently my employer has given a fellow employee, my address to hand deliver letters to me is this legal? As I’m concerned they are giving out my address without my permission.

Rich007 3 Dec 2020

Hi there, I was off due to an illness and my employer was telling everyone down where we take our vans to get repaired about how and why I was off sic....is this a breach in data protection or not

H 2 Oct 2020

Is it legal for your manager to carry your details ie wage slips on their phone or is it a breach also I'm not being given wage slips he is keeping them unable to check pay etc is right

Jayne 4 Sep 2020

Previously my wage slips were available through Xero and is password protected. I have left this job and he has sent my payslips along with my P45 via email and copied a member of his family and a co worker who is not a Director. As you can imagine my DOB, address N.I. Is that appropriate under GDPR

Pauline 14 Jul 2020

Can a agency consultant share information given by the temp worker {email} to the employer either verbally or by email...

Misiek 25 Jun 2020

Hello On my eife work place Som one ar send privet personal information to somone Wat shuld we do now..

KA 22 May 2020

My ex employer told my ood colleagues that they had not passed my probation and had let me go, is this allowed? I feel humiliated and angry that they have discussed what should have been a personal and private discussion with my old colleagues. Is this allowed? My boss also sent my personal mobile number to my colleagues without my consent prior to letting me go, is this allowed?

Mhystie26 25 Mar 2020

Does my line manager have the right to share my mobile number with other staff without my permission?

HB 23 Jan 2020

I have recently had to take time off work because of personal reasons, and think my boss has explained to customers why I was off and for how long for. I feel like he or any of my colleagues should be talking about my personal circumstances with the general public.

Aridon 7 Jan 2020

I work in retail premises a work colleague spotted a diary on a shelf on shop floor he handed it to me thinking it was mine as he read a medical certificate that was in it (a fit for work note I presented to my manager about a month ago) I was absolutely horrified as it had my personal details as well as medical complaint on it .I approached my boss said I wasnt happy with his negligence said it breached my data protection but he just took it and placed it in a file in safe Should he still have this on premises after a month and is this a breach of my rights ?

C 7 Dec 2019

My employer has repeatedly given out my personal phone number to customers etc, despite me having said several times i do not want my personal mobile number given out. Is this a breach of the data protection act? And, what if any action can i take against my employer

MA 17 Oct 2019

At my work place our absence/holiday request forms are stored in a clear polypocket stuck on the wall by the manager's desk. Our overtime record sheets are stored in the same way. Is this acceptable HR?

Elaine1 3 Sep 2019

At my workplace we have a folder with names and phone numbers in which is only meant to be used to contact people while we are at work for work purposes and it says do not copy or photo copy it is part of data protection, but a staff member took a photo of this and shared it on a group chat with other work colleges and she only got a warning for this, surly she should have got the sack and could I take this further as I didn’t want my phone number shared in this way.

EO 16 Jul 2019

I pressed 'i do not consent' to my exit interview being shared, but HR have shared it with management in my office who are now giving me the cold shoulder - is this legal?

Poohbear 25 Jun 2019

I asked last week if my boss could help me with a personal loan or a loan from the company of £7000, this was for me and my partner to help us get on the property ladder. This discussion was in private and confidential. Today he was angry with other employees and blurted out in front of other employees that if I or other employees keep wasting money running vehicles around empty there was no way he could give me the £7000 I asked to borrow. Even tho in private last week he said there was nothing he could do to help. It was private information that my co-works now know about which shouldn’t have happened. Where do I stand?

N/A 3 Jun 2019

My ex employer has posted my P45 to another ex employee she didn’t work at the same home as me but had contacted me to say she has half my p45 containing all my personal details

alidowell 24 May 2019

Is it right for a senior or leader to give you're number to a member of staff without your permission

Jeff J 29 Mar 2019

The account for employees' wages is set up as a customer account on the computer and anyone processing invoices has access to everyone's wage history/payments. Is this legal, acceptable, or an infringement on employee privacy rights?

Nj 19 Feb 2019

My current employer has issued my national insurance number on another employees payslip for 3 continuous months, and a letter was sent to the same employee from the hmrc in my name notifying them of future tax channges for the coming year, the same employee whilst trying to register for a company benefit couldn't register his employee account as it was stating they had the incorrect d.o.b, low and behold it was my d.o.b they needed to enter to gain access. These 3 soerate incidents happened over a 5 month period where neither incident was brought to my attention by my employer, I've had no apology or advice on how this happened and what's being done to rectify this breach. I've made a complaint to my hr team over a week ago and I personally still haven't had any correspondence from them other than an automated email saying they'll be in touch within 72 hours, they've contacted my operations manager but not myself. I'm very annoyed that this has happened and they've not apologised or seemingly fulfilled they're duty to notify me, what should I do? And are these grounds to make a compensation claim against my employer for not safeguarding my personal data and causing undue stress?

Cal 11 Jan 2019

I have just moved to a new property within the space of a week my ex employer has sent me a letter looking for payment from an overpaymebt, but I can't understand how they got my address it make another sense, I am not on the electoral roll at my address as I have just moved in. One of my ex employees used to stay in this property what are my rights ?

Hubert 25 Sep 2018

My employer has released my personal data in a mass email. To say that I'm upset is an understatement. What are my legal rights ? do I have any ? am I entitled to compensation ? You advice would be much appreciated.

DNN Editor 3 Sep 2018

@Teamtrave - it's unlikely anything will happen or that the other person is going to sell your number. But it is something you should speak to your company about.

Teamtrave 1 Sep 2018

My employer/pensions dept has sent me another persons pension statement but has also sent that person mines - We have the same name. However this means my national insurance number, date of birth, pension contributions and salary are on the document which really worries me.

KateV Editor 17 Aug 2018

@HannaaLucie - if there was a work/police incident then your employer has every right to contact you or pass your number to the police.

HannaaLucie 3 Aug 2018

I have recently left a job, I have been left about 6 weeks. Today my previous employer rang the police regarding an incident with my partner who also worked there and gave the police my phone number. Is this a breach of privacy as I have been left 6 weeks and they have no reason to have my records still or pass them on to the police.

MeOldChina 26 Jul 2018

I have had issues with work (a manager specifically, who I raised a greivance on, and have just come through that procedure) that have had a knock on effect to my health, in turn, affecting my work... Due to the health issues, I was asked to attend a session with an occupational Dr, which I did. When he sent me his report on me to look over & confirm I was happy for him to send it on. I specifically gave permission for him to send it to my HR Rep. I then also sent it to the HR Rep labelled Private & Confidential. I have not given any further permissions for this document to be shared, yet the manager who I raised the grievance on, has infirmed me that he has read this report. Is this not a GDPR breach?

EmployeePrivacyRights Editor 23 Jul 2018

If you do not wish your full name to be given out, then you should request that your employer no longer does this. If your employer does not take your query on board

Kat 21 Jul 2018

My employer has my full name printed on till receipts given out to the pubic. I’ve had men contact me through personal social media because of this. Is this a breach of my person data?

Speeds 4 Jul 2018

An old employer ( over 4 years ago) gave a complete stranger my place of work resulting in a phone call to my employer regarding something unrelated to my job - is that a breach of gdpr?

HaB Editor 18 Jun 2018

@Enam - if you think security is not tight enough I'd complain or write to them directly. It's usually the other way around these days - we have so many passwords or security questions we can't remember them.

Enam 16 Jun 2018

Three have a live chat where they only ask for name, post code and date of birth. Any close friends or family members easily have access to these details which means they can easily access my account without my consent. By law, are the questions they ask sufficient or do they need to tighten up the security with more questions?

Murkym 15 Jun 2018

Hi there. I left my employer 2 weeks ago and they have sent out various correspondence to me regarding final salary etc I have been contacted by another ex employee who has had a letter addressed to me, posted to him. Luckily he has my mobile number to tell me. This has caused me distress since he called. I don't want others knowing my reasons for leaving. Is this a gdpr breach? What should I do. Thanks

Unsureaboutdataprote 24 May 2018

My ex employer has given out my home address to a solicitors re: contacting me about an employment tribunal...I made a witness statement last year when I still worked for the company, but left at the start of the year. Should they have done this without my consent?

Bri Editor 22 May 2018

@Danc - you would have to write to them. How come you have access to your old online portal anyway?

Danc 21 May 2018

My ex employer(a company which has over 1000 stores) are logging onto my old online portal at work which has all my information on there from all my old pay slips to bank account numbers, sort codes,mobile number,address etc. Is this legal?

Meemme 7 May 2018

My company is repeatedly giving out my mobile number to clients. The phone is personal, not work, bought out-right by me and on payg. Is what they are doing legal?

K 27 Apr 2018

Returned to work after long term sick leave (6 months). Told I couldn't return by employer when I arrived back. I wouldn't leave without written evidence as to why he wasn't allowing me back. He called police to have me removed for trespassing. Employer disclosed all my medical conditions and medical history with police without consent from me. No crime as it was a civil matter, they just come along to ask me to leave. Should he have disclosed all information as no crime committed.

Darcey Editor 26 Apr 2018

@Scous - if your illness is affecting your ability to work, then as a company it has to be discussed.

Scous 25 Apr 2018

I have MS and asked my line manager for some adjustments. He took my request to a resource meeting were he discussed my condition with other employees. He told me he was taking my request to a meeting but didn’t get consent off me to discuss my condition... has he breached data protection? Thanks

Ferdy 24 Apr 2018

I purchased tickets online to a large concert event. The event date changed and I elected to request a full refund. I am being asked to provide my Date of Birth along with other details. Is this legal?

Doc7 20 Mar 2018

I recently received a complaint at work (which was not upheld) however a senior manager whilst speaking to another member of staff told them of this complaint and mentioned my name when giving details of this. Is this a clear breach of data protection? Thanks

mad jo.b 19 Mar 2018

i had an attachment of earnings on my wage. she left the letter on her desk so all the staff could read it. also when she didnt pay my attachment the bailiffs came to work regarding it. she then called all the staff in and made tell all the staff it was because of my attachment of earnings and the bailiff had nothing to do with her. what can i do as she is always leaving staff info laying about

EmployeePrivacyRights Editor 16 Mar 2018

The company does not have to share this information with you, nor is it compulsary for the company to issue any feedback. There is nothing stopping you in asking for the results. At the same time please be aware the company may feel it has done enough in complying with your initial requests.

Nhya91 15 Mar 2018

I have recently applied for a job and I had to fill in some tests. I've got rejected. Only feedback I've received is a report saying I need to improve my logical reasoning skills, my numerical skills are one of my skills and some other interpretations of my results. The question is, can I ask for the results? I would like to see where I have failed but the company refuses to share that information with me. Is there anything I can do about?

Adviceseeker 28 Feb 2018

Invoices addressed to the manager who ordered name badges showing every staff members' first and family names were not put in confidential waste but ended up in recycling. Has a breach of data protection occurred? My employers have not told the staff that this has happened; should they? Am I able to insist on an apology?

Jillpen 25 Feb 2018

It has come to my attention that my manager has sent emails to her colleague about me which are rude and describe me using language including swear words and about my apparently non-managerial behaviour which has never been discussed with me let alone ever been highlighted to me or any of my team members that there was infact a problem. What I want would like to know is am I entitled to ask for a copy if the personnel emails about me under the data protection act?

Bud 24 Jan 2018

At end of year accounts wages are shown at a total 1member wants everyone wages put down individual president of the club is going round staff and committee asking them what there salary is surely this is against data protection law staff do not agree with him doing this

EmployeePrivacyRights Editor 30 Nov 2017

You would have to attempt to discuss this with your employer directly.

Hatterz 28 Nov 2017

I work in logistics for a main stream brand delivering furniture to customers home address. And recently our employer has been sending our full first and surname to customers where before it was only our first names. I don’t feel comfortable with this as with the likes of social media if a customer wasn’t happy for any reason can now hunt you down I and the rest of my colleagues feel this is a breach of our own data protection is this the case ?

Sally 10 Nov 2017

I work in the NHS. The department I work for is spread over several sites. When someone is off sick we have been instructed to email the whole department explaining that so and so is off sick, or so and so has gone home early even though it does not effect the whole department. Is this allowed? It has been challenged by many members of staff but we kept getting told that this is what the “boss” wants. Surely this is an infringement on our right to a private life?

EmployeePrivacyRights Editor 9 Nov 2017

You would have to speak to your employer directly about the fact you feel uncomfortable about revealing your full name. This is understandable, and hopefully your employer will take your concerns on board.

Sue 8 Nov 2017

I work in a GP surgery in an admin position, they now want us to wear full name badges. I am very uncomfortable with this mainly because of social media and patients snooping on my privacy. It has never been a necessity before and I don't mind a badge with my first name only. Please advise where I stand?

BNN Editor 19 Sep 2017

@mark - it depends what your position is in the company?

Mark 16 Sep 2017

During a meeting I was given 3 other employees wage slips to show they've had a loan and the dedications. These wage slips have a number of details on and this was without any of the employees permission is this legal?

class2 driver 1 Jul 2017

at my employment a member of staff whop has access to our personal files gave out all our home addresses without seeking our consent... how do we stand over this matter... many thanks

CharlieL Editor 20 Mar 2017

@Zoe - no - it's not illegal for your employer to want to keep a record of what you buy in-house. Regards- Chas.

Zoe 19 Mar 2017

My manager has started taking a copy of our store purchases, writing our name on them and storing them in new named files in his office. I dont even keep a records of what i send. I dont shares my purchase history with even my husband. Is this legal.

rocket 24 Aug 2016

I have been with a company for 1 year my birth certificate in a envelope was handed to my manager, he then handed it to my supervisor who thought would be ok to check it which he thought be funny to write my address down, then nickname me by my middle name which stuck around site and I think it's a breach of privacy and trust?

shab 22 Aug 2016

my line manager wants us to put our full names including surname on a public board to show who is duty admin that week. The public don't really need to know who the duty admin as this doesn't really affect them int he work. I am happy for my first name but not surname. It is not common and we deal with not so safe people (SOPO or Mental Health) some time and I have my young family to look after. Do I have a right to refuse my surname being shown in public

Jan 2 Jul 2015

Hi my employer is changed the customers receipt and this now shows my first name are they allowed to do this jam not happy about it Thanks in advance

Noddyflop 27 May 2015

my date of birth has just been circulated around the office by our HR Department; surely this is a breach of data protection?

pocket 26 Feb 2014

a potential employer ,gave me a job and said upon receipt of my crb check would commence employment upon receipt of said document I took it to her 2 days later I received the news I did not have the position, this potential employer has said she shredded my crb certificate on speaking with the crb issuerer, have been told she should not have destroyed my certificate she has become agitated that I am following this line of inquirey what are my rights I have no proof that this is what she has done

akkers 24 Apr 2012

My line manager has opened my work draw and taken out and copied personal information from an envelope clearly marked private and confidential. he has then quizzed me on the information in a public place. Thanks.

laura 20 Jan 2012

my date of birth has just been circulated around the office; surely this is a breach of confidence.

Ask a Question or Comment

Your email won't be published. Comments are moderated before appearing.