What is the Data Protection Act?

Updated: Mar 16



The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It was developed to control how personal or customer information is used by organisations or government bodies. It protects people and lays down rules about how data about people can be used.

The DPA also applies to information about living people that is stored on a computer or in an organised paper filing system. Organisations that do not adhere to the rules set out by the DPA risk prosecution by the Information Commissioner’s Office (ICO), with fines of up to £500,000 and even imprisonment.

The Data Protection Act was replaced in May 2018 by the General Data Protection Regulations (GDPR).

Why is it important?

The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data, including:

  1. Regulating the processing of personal data

  2. Protecting the rights of the data subject

  3. Enabling the Data Protection Authority (The ICO) to enforce rules

  4. Holding organisations liable to fines in the event of a breach of the rules

The DPA’s rules are thorough and cover the sharing of data and data security. At the heart of it are eight common-sense rules known as the ‘data protection principles’ that all organisations collecting and using personal information are legally required to comply with.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used for specified, explicit purposes

  • used fairly, lawfully and transparently

  • used in a way that is adequate, relevant and limited to only what is necessary

  • accurate and, where necessary, kept up to date

  • kept for no longer than is necessary

  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

The law provides stronger protection for more sensitive information such as:

  • Ethnic background

  • Political opinions

  • Religious beliefs

  • Health

  • Sexual life

  • Criminal history

Data Subject Rights


Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

  • be informed about how your data is being used

  • access personal data

  • have incorrect data updated

  • have data erased

  • stop or restrict the processing of your data

  • data portability (allowing you to get and reuse your data for different services)

  • object to how your data is processed in certain circumstances

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)

  • profiling, for example to predict your behaviour or interests

How can you successfully meet data regulation standards?

Ensuring you have the right technology, processes and people in place to handle the quality of the data that you hold was a key part of thriving under the DPA (and now the GDPR). Important activities you should consider include:

  1. Regular evaluation of the quality of the data that you hold and are continuing to collect. Contact Data Validation and Data Cleansing are good ways of doing this.

  2. Ensuring you have the right roles and responsibilities set out for the management of your data, including a Data Protection Officer as the focal point.

  3. Analysis and profiling of your data to identify any potential gaps or issues that could cause problems to arise.

  4. You can use Lightbeam.ai’s compliance software to ease your compliance with the Data Protection Act.