Data Protection ACT
1998
What is the Data Protection Act?
The Data Protection Act 1998, in
its current form, was implemented in March 2000 to give individuals a right of
access to ‘personal data’. This personal data qualifies as any information held
by a company that relates to an individual. Personal data is often collected
when an individual completes the purchase of a good or service from a company.
It can consist of contact, bank or any other necessary details needed to
facilitate an exchange.
However, much of the data that is
collected is sensitive and if it were to fall into the wrong hands could result
in fraudulent activities against the individual. This is regarded to be a
direct breach of civil liberties.
With so much personal data held
by an increasing number of organisations, there needs to be some benchmark for
companies to follow if they are to ensure that data is handled fairly. The Data
Protection Act acts as a foundation for providing that benchmark.
Who need to comply with the Data Protection Act?
Any company or professional that
needs to store personal data from clients in order to perform business
activities is classified as a ‘data controller’. As a data controller they must
notify the Information Commissioner’s Office (ICO) that they are responsible
for the availability, integrity and security of that data under the Act.
Most companies in the UK who
process customer data fall under requirements of the Data Protection Act. Some
of the key regulatory bodies responsible for promoting faithfulness to the Act
include the Financial Services Authority (FSA) and the Solicitors Regulation
Authority (SRA)
WHAT ARE THE REQUIREMENTS OF THE DATA PROTECTION ACT?
The Data Protection Act can be complex
and difficult to interpret. It mainly consists of eight key principles that
must be adhered to. We have tried to make those principles as easy to
understand as possible.
No comments:
Post a Comment