Do you know what the data protection act 1998 states? Also, what does this mean for businesses today? Find out below.
The Data Protection Act 1998
The data protection act 1998 is one of the most important pieces of legislation for businesses operating within the EU. And is one that is often overlooked. The act was written with the main aim of protecting individuals and organizations from the illegal use of data. The act applies to all businesses that handle personal data.
The Data Protection Act 1998 applies to all companies that have a registered office in the EU and control the processing of personal data. Then, this includes processing personal information in any form, including paper files. And includes personal data being passed between companies.
Then, the Act is split into eight separate parts:
- Preliminary
- The Data Protection Principles
- The Rights of Data Subjects
- Law Enforcement
- Miscellaneous and General
- Transitional & Consequential Provisions
- Consequential Amendments to Other Acts
- Short Title, Commencement, Repeals & Interpretation
Personal Data means any information relating to an individual who can be identified from that data alone. Or in conjunction with other information that is in, or is likely to come into, the organization’s possession. Then, the Act protects both physical and electronic information about individuals. Also, it does not cover personal data relating to legal entities such as companies.
Moreover, certain conditions must be met before an individual can be classed as a Data Subject. A Data Subject must:
1) be living; and
2) be identified.
The Importance of Data Protection Act 1998
The data protection act 1998 is important due to:
1) the vulnerability of data
2) the increase in computer systems and technology
The Act places a legal duty on all organizations to protect the personal data they have collected or will be collecting in the future. Additionally, it also places a legal duty on all organizations to comply with eight key principles. And these are:
The Principles are:
1) Fair and lawful processing of personal data
2) Obtaining only the data required for specified purposes
3) Adequate, relevant, and not excessive data
4) Accurate and up-to-date data
5) Storage of only relevant data that is stored for no longer than is required
6) Processed in line with your rights, and kept safe and secure from unauthorized access or use
7) Not transferred to other countries without sufficient protection
8) Personal Data may be processed without your knowledge or consent if it is needed for preventing fraud or other crimes. Or where you have given your prior consent. But, you can withdraw this consent at any time.
Also, the Act makes sure that there are clear guidelines concerning Personal Data. And that these guidelines are followed by all organizations that process personal data. For instance, an organization must inform individuals how their personal information will be used before they collect it.
Conclusion
So, as you can see, it is a legal requirement that all businesses protect the personal data of their customers and clients. Also, to follow the guidelines set out in the Data Protection Act 1998. But, also, every business needs to know how to comply with the act effectively.