Data Protection Act

Cards (6)

  • The UK updated the Data Protection Act introduced in 1998 to become the Data Protection Act (2018) to protect the data of individuals stored on computers and processed by organisations
  • Actions organisations must take to adhere to the Data Protection Act (2018):
    • Appoint and register a data controller responsible for communicating with the Information Commissioner and ensuring compliance with the principles
    • Implement strong security measures to protect data from unauthorized access or transfer
    • Train staff to be aware of their responsibilities and adhere to the principles
    • Allow data subjects to alter their data and delete it when no longer needed
    • Honor Subject Access Requests (SAR) by verifying the user's identity and presenting the data securely
  • Rights of data subjects under the Data Protection Act:
    • Right of access to information stored about them by public bodies
    • Can make a Subject Access Request (SAR) to access their data
  • DPA Principles
    • Personal data should only be processed within the rights of the data subject.
    • Personal data should be protected from theft or unlawful access.
    • Personal data cannot be transferred to anywhere outside of the EU unless the country to which it is being transferred has the same level of DPA.
  • DPA principles
    • Data should be processed fairly and lawfully.
    • Personal data can only be obtained for clearly stated purposes.
    • The amount of data collected and stored should not be more than required.
    • Personal data should be accurate.
    • Personal data should only be used for the purpose for which it was collected.
  • Staff policy
    • Staff training.
    • Staff aware of legal obligations.
    • Staff should know the procedures for handling information, for example, shredding old paper records.
    • Policy should be available for reference.