Monday, January 7, 2013

Data Protection Act 1998

The Act required member states ‘to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal
data’. It came into force on 1 March 2000. It covers computer and manual records.

The Act contains the following principles. Personal Data (shall)/(shall not) be
  1. Processed fairly and lawfully, and not be processed unless certain conditions are met
  2. Obtained for specified and lawful purposes and not be further processed in any manner incompatible with those purposes.
  3. Adequate, relevant and not excessive in relation to the purpose for which they are processed.
  4. Accurate and, where necessary, kept up to date.
  5. Kept for longer than is necessary for its purpose. 
  6. Processed in accordance with the rights of data subjects under the Act. 
  7. Appropriate measures shall be taken against unauthorised or unlawful processing of personal data.
  8. Transferred to a country outside the EEA unless that country has an adequate level of protection for the rights and freedoms of data subjects.
The legislation enshrines the following rights;
  • Right of ACCESS - max fee of £10
  • Right to PREVENT processing if likely to cause distress or damage.
  • Right to prevent processing for MARKETING
  • Right in relation to AUTOMATED decision
  • Right to COMPENSATION
  • Rectification, blocking, erasure and destruction
  • Request for ASSESSMENT