How to set up and run a small business

Data Protection and the Data Protection Act – An Overview

October 11, 2011

The Data Protection Act (1998) was drafted to ensure the privacy of personal information stored electronically on computers nationwide. The Act aims to “promote high standards in the handling of personal information, and so to protect the individual’s right to privacy”.

Anyone holding data relating to living individuals in electronic format (and in some cases, on paper) must follow the Act’s 8 data protection principles:

The 8 Principles of Data Protection

Under the DPA, personal information must be:

• Fairly and lawfully processed
• Processed for specified purposes
• Adequate, relevant and not excessive
• Accurate, and where necessary, kept up to date
• Not kept for longer than is necessary
• Processed in line with the rights of the individual
• Kept secure
• Not transferred to countries outside the European Economic Area unless there is adequate protection for the information

The DPA included the creation of an Information Commissioner to maintain a list of data controllers and details of the type of personal data stored by each controller. This is a process described as “notification”. A list of all data controllers and the information they store can be accessed online here.

Not only is compliance with the Data Protection Act a legal requirement, there are also a number of business reasons why you should comply – we discuss this further in our article on Data Protection Compliance.