Why is it important for your organisation to comply with the Data Protection Act?
The Data Protection Act 1998 (“DPA”) lays down eight data protection principles that any organisation processing data about individuals should comply with.
What does the DPA cover?
The DPA came into force on 1 March 2000. The DPA implemented the European Union (“EU”) Directive on data protection into UK law, introducing radical changes to the way in which personal data relating to identifiable living individuals can be used. The constant need for organisations to process personal data means that the DPA impacts upon most organisations, irrespective of size. Moreover, the public’s growing awareness of their right to privacy means that data protection will remain an important issue.
The DPA makes a distinction between personal data and sensitive personal data. Personal data includes personal information relating to employees, customers, business contacts and suppliers. Sensitive data covers an individual’s ethnic origin, medical conditions, sexual orientation and eligibility to work in the UK. The data protection principles set out the standards which an organisation must meet when processing personal data. These principles apply to the processing of all personal data, whether those data are processed automatically or stored in structured manual files.
What is data?
Data means information which is processed by computer or other automatic equipment, including word processors, databases and spreadsheet files, or information which is recorded on paper with the intention of being processed later by computer, or information which is recorded as part of a manual filing system, where the files are structured according to the names of individuals or other characteristics, such as payroll number, and where the files have sufficient internal structure so that specific information about a particular individual can be found easily.
What are the eight data protection principles?
The eight data protection principles are as follows:
Personal data should be processed fairly and lawfully
Personal data must be obtained only for specified and lawful purposes and should not be processed further in any manner incompatible with those purposes
Personal data should be adequate, relevant and not excessive in relation to the purposes for which they were collected
Personal data should be accurate and, where necessary, kept up to date
Personal data should not be kept longer than is necessary for the purposes for which they were collected
Personal data should be processed in accordance with the rights of data subjects
Personal data should be kept secure against unauthorised or unlawful processing and against accidental loss, destruction or damage
Personal data must not be transferred to countries outside the European Economic Area unless the country of destination provides an adequate level of data protection for those data.
What information comprises personal data?
Personal data relates to data about living individuals who can be identified from those data, or from those data and other information which is in the possession of the data controller or which is likely to come into its possession, for example names, addresses and home telephone numbers of employees.
What data comprises sensitive data?
Sensitive personal data (“sensitive data”) consist of information relating to a data subject’s (individual’s):
racial or ethnic origin
religious beliefs or other similar beliefs
trade union membership
physical or mental health or condition
commission or alleged commission of any offences
convictions or criminal proceedings involving the data subject.
What is the meaning of processing under the DPA?
The definition of ‘processing’ is very broad. It covers any operation carried out on the data and includes obtaining or recording data, the retrieval, consultation or use of data, and the disclosure or otherwise making available of data.
Who is a data controller?
A ‘data controller’ is any person who (alone or jointly with others) decides the purposes for which, and the manner in which, the personal data are processed. The data controller will therefore be the legal entity which exercises ultimate control over the personal data. Individual managers or employees are not data controllers.
The data controller is responsible for:
Personal data about identifiable living individuals
Deciding how and why personal data are processed
Information handling – complying with the eight data protection principles
Obtaining “data subjects’” consent for processing sensitive data
Existing procedures for handling sensitive or personal data
Security measures to safeguard personal data
Who is a data processor?
A ‘data processor’ is a person or organisation who processes the data on behalf of the data controller, but who is not an employee of the data controller.
Who is a data subject?
A ‘data subject’ is any living individual who is the subject of personal data. There are no age restrictions on who qualifies as a data subject, but the definition does not extend to people who are deceased.
Are we required to notify? What does notification mean?
An organisation must not process any personal data unless it has first notified the Information Commissioner of certain particulars, including:
the organisation’s name and address
the purposes for which the data are to be processed
any proposed recipients of the information
countries outside the European Economic Area to which the data may be disclosed.