Manchester Solicitors

DATA PROTECTION

Data Protection Act 1998 (DPA) regulates how personal data held on computers or in manual records is utilised and protected by people who have access to it.

Data Protection Act specifies 8 principles which must be followed by all organisations

Principles

Personal data must be:

1.            fairly and lawfully processed – each person needs to give consent in order to process personal date or it is essential to comply with legal obligations

2.            acquired  for specific and lawful purpose

3.            sufficient, applicable and no more than is necessary

4.            correct and up to date

5.            kept only for as long as it is essential

6.            dealt with the rights of the individual

7.            protected against illegal processing, loss, destruction or damage

8.            transferred to country outside the European Economic Area (EEA) only if it is ensured that there is an sufficient level of protection

Rights of individuals

The Act gives some rights:

1.       Everyone is entitled to be informed of the reason why their  personal data is being processed;

2.       to require access to their personal data;

3.       processing data can be stopped by an individual if it is causing extensive damage or misery, or if it is used for marketing;

4.       to be informed if computerized decisions are taken, e.g. selection for redundancy

Remedies

If any of the provisions are breached, the individual has certain remedies:

a.       The court can order the organisation to comply with the legislation

b.      If the individual suffered damages, the court may order compensation

c.       Mistaken or damaging information can be rectified, blocked, or eased

d.      Information Commissioner can check whether the data is being processed according to the legislation