What is the Data Protection Act 1998 ?
The Data Protection Act (DPA) gives individuals certain rights regarding information held about them. It places obligations on those who process information (data controllers) while giving rights to those who are the subject of that data (data subjects). Personal information covers both facts and opinions about the individual.
We are registered with the Information Commissioner as a Data Controller.
The eight principles of good practice
Anyone processing personal information must comply with eight enforceable principles of good information handling practice.
These say that data must be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept longer than necessary
- processed in accordance with the individual’s rights
- not transferred to countries outside European Economic area unless a country has adequate protection for the individual.
Rights under the Act
There are seven rights under the Data Protection Act:
- The right to subject access
- The right to prevent processing
- The right to prevent processing for direct marketing
- Rights in relation to automated decision-taking
- The right to compensation
- The right to rectification, blocking, erasure and destruction
- The right to ask the Commissioner to assess whether the Act has been contravened.
Making a Subject Access Request (SAR)
A citizen has the right to ask to see the information we keep about that individual (the data subject). This is known as a Data Subject Access Request.
See our Data Protection Policy for full details.