Data Protection Act

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Data Protection Act (D.P.A) is a law passed by the British government in 1984 and updated in 1998.

It sets out rules for people who use or store data about living people and gives rights to those people whose data has been collected. The law applies to data held on computers or any sort of storage system, even paper records.

The law covers personal data which are facts like your address, telephone number, e-mail address, job history etc.

People who use the information are called data users. People who the data is about are called data providers.

Main points of the Act[change | change source]

This is a brief simplified summary of the main principles of the UK Data Protection Act

  • If you collect data about people for one reason, you must not use it for a different reason;
  • You must not give people's data to other people or organizations unless they agree;
  • People have the right to look at data that any organizations store about them;
  • You must not keep the data for longer than you need to and it must be kept up to date;
  • You must not send the data to places outside of the European Economic Area unless adequate levels of protection exist;
  • Organizations that store data about people must register with the Information Commissioner’s Office;
  • If you store data about people you must make sure that it is secure and well protected;
  • If an organization has data about you that is wrong, then you have a right to ask them to change it.

The newest version of the DPA was released in 1998.

Related pages[change | change source]

Other websites[change | change source]