The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It was developed to control how personal or customer information is used by organisations or government bodies. It protects people and lays down rules about how data about people can be used.
The DPA also applies to information or data stored on a computer or an organized paper filing system about living people. Organisations that do not adhere to the rules set out by DPA risk prosecution by the Information Commissioner’s Office (ICO) where fines can reach up to £500,000 and even imprisonment.
The Data Protection Act was replaced in May 2018 by the General Data Protection Regulations (GDPR).
Why is it important?
The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data including: Regulating the processing of personal data
Protecting the rights of the data subject
Enabling the Data Protection Authority (The ICO) to enforce rules
Holding organisations liable to fines in the event of a breach of the rules
The DPA’s rules are very thorough and cover rules around sharing of data, and data security. At the heart of it are eight common sense rules known as the ‘data protection principles’ that all organisations collecting and using personal information are legally required to comply with.
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
used for specified, explicit purposes
used fairly, lawfully and transparently
used in a way that is adequate, relevant and limited to only what is necessary
accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
The law provides stronger protection for more sensitive information such as:
Ethnic background
Political opinions
Religious beliefs
Health
Sexual life
Criminal history
Data Subject Rights
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:
be informed about how your data is being used
access personal data
have incorrect data updated
have data erased
stop or restrict the processing of your data
data portability (allowing you to get and reuse your data for different services)
object to how your data is processed in certain circumstances
You also have rights when an organisation is using your personal data for:
automated decision-making processes (without human involvement)
profiling, for example to predict your behaviour or interests
How can you successfully meet data regulation standards?
Ensuring you have the right technology, processes and people in place to handle the quality of the data that you hold was a key part of thriving under the DPA (and now the GDPR). Important activities you should consider include:
Regular evaluation of the quality of the data that you hold and are continuing to collect. Contact Data Validation and Data Cleansing are good ways of doing this.
Ensuring you have the right roles and responsibilities set out for your data’s management including the focal point of a Data Protection Officer.
Analysis and profiling of your data to identify any potential gaps or issues that could cause problems to arise.
You can use Lightbeam.ai’s compliance software to ease your compliance with Data Protection Act.