Data Protection Act

What is the Data Protection Act?

The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It was developed to control how personal or customer information is used by organisations or government bodies. It protects people and lays down rules about how data about people can be used.

The DPA also applies to information or data about living people that is stored on a computer or in an organised paper filing system. Organisations that do not adhere to the rules set out by the DPA risk prosecution by the Information Commissioner’s Office (ICO), where fines can reach up to £500,000 and can even lead to imprisonment.

The Data Protection Act is due to be replaced in May 2018 by the upcoming General Data Protection Regulation (GDPR).

Why is the Data Protection Act important?

The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data including:

  1. Regulating the processing of personal data
  2. Protecting the rights of the data subject
  3. Enabling the Data Protection Authority (The ICO) to enforce rules
  4. Holding organisations liable to fines in the event of a breach of the rules

The DPA’s rules are very thorough and cover the sharing of data as well as data security. At the heart of it are eight common-sense rules known as the 'data protection principles', which all organisations collecting and using personal information are legally required to comply with.

The law provides stronger protection for more sensitive information such as:

  • Ethnic background
  • Political opinions
  • Religious beliefs
  • Health
  • Sexual life
  • Criminal history.

How can you successfully meet the Data Protection Act’s standards?

Ensuring you have the right technology, processes and people in place to handle the quality of the data that you hold is a key part of thriving under the DPA (and eventually the GDPR). Important activities you should consider include:

  1. Regular evaluation of the quality of the data that you hold and are continuing to collect. Contact Data Validation and Data Cleansing are good ways of doing this.
  2. Ensuring you have the right roles and responsibilities set out for your data’s management including the focal point of a Data Protection Officer.
  3. Analysis and profiling of your data to identify any potential gaps or issues that could cause problems to arise.

How does the GDPR differ from the Data Protection Act?