The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It was developed to control how personal or customer information is used by organisations or government bodies. It protects people and lays down rules about how data about people can be used.
The DPA also applies to information or data about living people that is stored on a computer or in an organised paper filing system. Organisations that do not adhere to the rules set out by the DPA risk prosecution by the Information Commissioner’s Office (ICO), with fines of up to £500,000 and even imprisonment.
The Data Protection Act was replaced in May 2018 by the General Data Protection Regulation (GDPR).
The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data including:
The DPA’s rules are very thorough and cover the sharing of data and data security. At the heart of it are eight common-sense rules known as the 'data protection principles' that all organisations collecting and using personal information are legally required to comply with.
The law provides stronger protection for more sensitive information such as:
Ensuring you have the right technology, processes and people in place to handle the quality of the data that you hold was a key part of thriving under the DPA (and now the GDPR). Important activities you should consider include: