Beta This is a new way of showing guidance - your feedback will help us improve it.
1. The Data Protection Act 1998 (“DPA”)1 regulates the processing and use of personal data2. The DPA is wide ranging and covers data kept in both manual and electronic form3. It lists eight “data protection principles”, and any “processing” of personal data must be done in accordance with them. “Processing” includes obtaining, recording, holding, adapting, or disclosing the data4. These principles are designed to ensure that:
2. The DPA specifies conditions which must be met before processing of personal data 5 and "sensitive" personal data 6 can be undertaken.
3. The DPA provides certain rights of access by data subjects to the data held on them 7 but is also subject to a number of exceptions for a range of governmental (including law enforcement and regulatory) activities 8.
4. It also prevents access by third parties to the personal data of others 9 but this prohibition is again subject to various exceptions 10.
Is this page useful?