Jump to content

Data Protection Act 1998

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 212.219.190.164 (talk) at 13:52, 20 October 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

he Data Protection Act 1984 (DPA) is a British Act of Parliament that provided a legal basis for the privacy and protection of data of UK citizens and businesses. It was repealed by the Data Protection Act 1998. The 1984 Act provided for a regulatory authority, the Data Protection Registrar, to oversee the implementation of and adherence to the Act.

According to the provisions of the DPA, data discovered by one party to another party may only be used for the specific purposes for which they were discovered. Details may only be kept for an appropriate length of time and must not be disclosed to other parties without the consent of the data owner. Schools, for example, may keep information on former pupils for no longer than ten years.

The 1984 act was followed up by the Data Protection Act 1998, actually an implementation of European Union Directive 95/46/EC which, amongst other measures, expanded the remit of the DPR and renamed the position to the Data Protection Commissioner.

Most recently, the Freedom of Information Act 2000 further expanded the role to include freedom of information; the job title of the DPR/DPC was changed once again, this time to Information Commissioner.

The UK DPA has a reputation for complexity. Whilst the basic principles are honoured for protecting privacy, interpreting the act is not always simple.

The Act covers all personal data which an organisation may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.

Data Protection Principles

Personal data must be:

  1. Processed fairly and lawfully.
  2. Obtained for specified and lawful purposes.
  3. Adequate, relevant and not excessive.
  4. Accurate and up to date.
  5. Not kept any longer than necessary.
  6. Processed in accordance with the "data subject's" (the individual's) rights.
  7. Reasonably securely kept.
  8. Not transferred to any other country without adequate protection.

See also


Stub icon

This legislation article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Data_Protection_Act_1998&oldid=26006943"