
UK Data Protection Act


The Data Protection Act 1998 came into force on 1 March 2000 in the United Kingdom. It established rules for processing information of a personal nature, and it applies to paper records as well as those held on computers.

The Data Controller is "a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed".

The principles of the Act are as follows:

Anyone processing personal data must comply with the eight enforceable principles of good practice. Data must be:

  1. fairly and lawfully processed
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate
  5. not kept longer than necessary
  6. processed in accordance with the data subject's rights
  7. secure
  8. not transferred to countries without adequate protection

Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual, although in some limited circumstances exemptions will apply. With processing, the definition is far wider than before. For example, it incorporates the concepts of 'obtaining', 'holding' and 'disclosing'. For more information see http://wood.ccta.gov.uk/dpr/dpdoc.nsf.

*** The Information Security Glossary ***
This Glossary forms part of the RUsecure Security Policy Suite.