Data Protection Act 1998

Cards (14)

  • Data Protection Act 1998
    A UK law that aims to protect individuals' personal data from misuse.
  • Data Subjects
    Individuals whose personal data is stored and processed.
  • Data Controllers
    Organizations that collect, store, and process personal data.
  • Data Processors
    Companies that process personal data on behalf of Data Controllers.
  • Data Protection Principles
    8 key principles that Data Controllers must follow.
  • Data Protection Principle 1
    Data must be collected and used fairly and inside the law.
  • Data Protection Principle 2
    Data must only be held and used for the reasons given to the Information Commissioner.
  • Data Protection Principle 3
    Data can only be used for those registered purposes. It cannot be given away or sold without permission.
  • Data must be adequate, relevant, and not excessive
    Data must be acceptable, appropriate, and not beyond what is necessary when compared with the purpose for which the data is held.
  • Data must be accurate and up-to-date
    Data must be accurate and up-to-date. For example, making sure data subjects' contact numbers are current.
  • Data must not be kept longer than necessary
    Data must not be kept longer than is necessary. This rule means that it would be wrong to keep information about past customers longer than a few years at most.
  • Data must be kept safe and secure
    Data must be kept safe and secure. For example, personal data should not be left open to unauthorized access, accidental loss, or destruction.
  • Data must be kept safe and secure
    Data must be kept safe and secure. For example, personal data should not be left open to be viewed by just anyone.
  • Data transfer restrictions
    Data may not be transferred outside of the European Economic Area (EEA) unless the country where the data is being sent has a suitable and similar data protection law.