Data Protection Act 2018

The Data Protection Act (DPA) is a law passed by the British government in 1984 and updated in 1998.

It sets out rules for people who use or store data about living people and gives rights to those people whose data has been collected. The law applies to data held on computers or any sort of storage system, even paper records.

The law covers personal data which are facts like your address, telephone number, e-mail address, job history etc.

People who use the information are called data users. People who the data is about are called data providers.

This is a brief simplified summary of the main principles of the UK Data Protection Act

• If you collect data about people for one reason, you must not use it for a different reason;
• You must not give people's data to other people or organisations unless they agree;
• People have the right to look at data that any organisations store about them;
• You must not keep the data for longer than you need to and it must be kept up to date;
• You must not send the data to places outside of the European Economic Area unless adequate levels of protection exist;
• Organisations that store data about people must register with the Information Commissioner’s Office;
• If you store data about people you must make sure that it is secure and well protected;
• If an organisation has data about you that is wrong, then you have a right to ask them to change it.

• Computer legislation
• Computer Misuse Act

• Information Commissioner’s Office