
Data Protection Act

What is the Data Protection Act?

The Data Protection Act controls how personal or customer information is used by organisations or government bodies. It includes strict guidelines and privacy policies on how to keep information safe. Companies that do not have a data management strategy in place could be breaching the DPA and could be at risk of prosecution by the Information Commissioner’s Office (ICO); penalties include fines of up to £500,000 and even imprisonment. Any organisation that handles personal information about individuals must protect that information under the Data Protection Act 1998.

What are the key principles of the Data Protection Act?

The Data Protection Act's rules are very thorough and cover the sharing of data and data security. At the heart of the Act are eight common-sense rules known as the 'data protection principles'.
These principles require any organisation, corporation or governmental body that collects personal information to handle it safely.

The Data Protection Act states that all organisations collecting and using personal information are legally required to comply with these principles.
The law provides stronger protection for more sensitive information - such as your ethnic background, political opinions, religious beliefs, health, sexual life or any criminal history.

The Act is enforced by an independent Information Commissioner, who can take action against any company or governmental body that fails to protect its data, or that abuses its right to collect and hold that information.


Copyright ©, 2014-2017. All rights reserved.

Experian Ltd is authorised and regulated by the Financial Conduct Authority. Experian Ltd is registered in England and Wales under company registration number 653331.
Registered office address: The Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham NG80 1ZZ.