Data Protection
The Data Protection Act sets out how organisations (and in some cases individuals) must look after any personal data they use. From April 2010 the Information Commissioner will have the power to fine organisations that do not comply with the Act.
The Data Protection Act is a beguiling bit of law.
Look at it one way and it is really simple. All an organisation has to do is fill out an online form to register with the Information Commissioner and then comply with the eight data protection principles.
Look at it the other way and it is the most tortuous piece of well-meaning law, almost impossible to comply with, described in barely penetrable legalese across 40 pages and 16 schedules which have since been amended by Statutory Instruments and ‘clarified’ by a few major cases. Personally I’ve never met an organisation that doesn’t, to some degree, breach the DPA.
If you are keen to understand the Act and make sure your organisation isn’t in breach, then these pages are for you. I’ve tried to explain the main parts of the Act, and what you need to do to comply, in plain English. This is a work in progress, so please bear with me while I complete all the sections.
If you’d like someone else to do the hard work, I provide a simple DPA gap analysis service that assesses your DPA compliance and your information security at the same time.
Understanding the eight principles
Principle 1 — Be fair when you get, use and share data
Principle 2 — Tell people what you will do with their data, and do nothing more
Principle 3 — Only get data you need
Principle 4 — Ensure data you hold is accurate
Principle 5 — Delete data you no longer need
Principle 6 — Respect people’s rights over personal data
Principle 7 — Keep data secure: protect it against loss, damage and unauthorised access
Principle 8 — Be careful if you send data outside the European Economic Area
People’s rights and responding to their requests
Gap Analysis
DPA Questions