Data Protection Act

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Data Protection Act (DPA) is a law passed by the British government in 1998.

It sets out rules for people who use or store data about living people and gives rights to those people whose data has been collected. The law applies to data held on computers or any sort of storage system, even paper records.

The law covers personal data which are facts like your address, telephone number, e-mail address, job history etc.

People who use the information are called data users. People who the data is about are called data subjects.

Main points of the Act[change | change source]

This is a brief simplified summary of the main principles of the UK Data Protection Act

  • If you collect data about people for one reason, you can not use it for a different reason;
  • You can not give people's data to other people or organizations unless they agree;
  • People have the right to look at data that any organizations store about them;
  • You can not keep the data for longer than you need to and it must be kept up to date;
  • You cannot send the data to places outside of the European Economic Area unless adequate levels of protection exist.
  • Most organizations that store data about people have to register with the Information Commissioner’s Office;
  • If you store data about people you must make sure that it is secure and well protected;
  • If an organization has data about you that is wrong, then you have a right to ask them to change it.

Please note that this summary leaves out a lot of detail.

The newest version of the DPA was released in 1998.

Related pages[change | change source]

Other websites[change | change source]