Last edited 14 Feb 2018

Data Protection Act

The Data Protection Act 1998 is an Act of Parliament that relates to the storing of people's personal data, either on computers or in a paper filing system. The purpose of the Act is to secure the legal rights of individuals to control information about themselves.

The Act must be complied with by any party that holds personal data. ‘Personal data’ is defined by the Act as being any data that could identify a living individual, for example name, address, telephone number, email address, and so on.

There are eight principles defined in the Act:

  • Fair and lawful processing of personal data.
  • Data shall be obtained only for one or more specified and lawful purposes.
  • The data shall be adequate, relevant and not excessive.
  • The data shall be accurate and, if necessary, kept up-to-date.
  • Processed data shall not be stored for longer than necessary for the purpose/s.
  • The rights of individuals should determine the processing of data.
  • Unauthorised or unlawful data processing shall be met with appropriate measures.
  • Personal data shall not be transferred outside the European Economic Area unless adequate levels of protection are ensured.

From 25 May 2018, the Act will be superseded by the General Data Protection Regulations (GDPR), intended to bring data protection legislation into line with the numerous ways that data is now used. There will also be higher penalties for breaches and non-compliance.

For more information, see GDPR.
