The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It protects people and lays down rules about how data about people can be used by organisations, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulations (GDPR).
The DPA also applies to information or data stored on a computer or an organised paper filing system about living people. Organisations that do not adhere to the rules set out by DPA risk prosecution by the Information Commissioner’s Office (ICO) where fines can reach up to £500,000 and even imprisonment.
The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data including:
The DPA’s rules are very thorough and cover rules around sharing of data, and data security. At the heart of it are eight common sense rules known as the 'data protection principles' that all organisations collecting and using personal information are legally required to comply with.
The law provides stronger protection for more sensitive information such as:
Ensuring you have the right technology, processes and people in place to handle the quality of the data that you hold was a key part of thriving under the DPA (and now the GDPR). Important activities you should consider include:
Learn all about the incoming data regulations, the key elements and how you can thrive under them in our new white paper ‘Defining the data powered future’.