Why is it crucial for your organisation to comply with the Data Protection Act?

The Data Protection Act 1998 (“DPA”) lays down eight data protection principles that any organisation processing data about individuals must comply with.

What does the DPA cover?

The DPA came into force on 1 March 2000. The DPA implemented the European Union (“EU”) Directive on data protection into UK law, introducing radical changes to the way in which personal data regarding identifiable living people can be used. The continual need for businesses to process personal data means that the DPA impacts upon most organisations, irrespective of size. In addition, the public’s growing awareness of their right to privacy means that data protection will remain an important issue.

The DPA makes a distinction between personal data and personal sensitive data. Personal data includes personal data relating to employees, customers, business contacts and suppliers. Sensitive data covers an individual’s ethnic origin, health-related conditions, sexual orientation and eligibility to work in the UK. The data protection principles set out the requirements which an organisation must meet when processing personal data. These principles apply to the processing of all personal data, whether those data are processed automatically or stored in structured manual files.

What is data?

Data means information which is processed by computer or other automatic equipment, including word processors, databases and spreadsheet files, or information which is recorded on paper with the intention of being processed later by computer, or information which is recorded as part of a manual filing system, where the files are structured according to the names of individuals or other characteristics, such as payroll number, and where the files have sufficient internal structure so that specific information about a particular individual can be found easily.

What are the eight data protection principles?

The eight data protection principles are as follows:

Personal data must be processed fairly and lawfully

Personal data must be obtained only for specified and lawful purposes and must not be processed further in any manner incompatible with those purposes

Personal data must be adequate, relevant and not excessive in relation to the purposes for which they have been collected

Personal data must be accurate and, where necessary, kept up to date

Personal data must not be kept longer than is necessary for the purposes for which they were collected

Personal data must be processed in accordance with the rights of data subjects

Personal data must be kept secure against unauthorised or unlawful processing and against accidental loss, destruction or damage

Personal data must not be transferred to countries outside the European Economic Area unless the country of destination provides an adequate level of data protection for those data.

What data comprises personal data?

Personal data relates to data about living individuals who can be identified from those data, or from those data and other information which is in the possession of the data controller or which is likely to come into its possession, for example, names, addresses and home telephone numbers of employees.

What data comprises sensitive data?

Personal sensitive data (“sensitive data”) consist of information relating to a data subject’s (individual’s):

racial or ethnic origin

political opinions

religious beliefs or other similar beliefs

trade union membership

physical or mental health or condition

sexual orientation

commission or alleged commission of any offences

convictions or criminal proceedings involving the data subject.

What is the meaning of processing under the DPA?

The definition of ‘processing’ is very broad. It covers any operation carried out on the data and includes obtaining or recording data, the retrieval, consultation or use of data, and the disclosure or otherwise making available of data.

Who is a data controller?

A ‘data controller’ is any person who (alone or jointly with others) decides the purposes for which, and the manner in which, the personal data are processed. The data controller will therefore be the legal entity which exercises ultimate control over the personal data. Individual managers or employees are not data controllers.

The data controller is responsible for:

Personal data about identifiable living individuals

Deciding how and why personal data are processed

Data handling – complying with the eight data protection principles

Obtaining data subjects’ consent for processing sensitive data

Existing procedures for handling sensitive or personal data

Security measures to protect personal data

Notification

Who is a data processor?

A ‘data processor’ is a person or organisation who processes the data on behalf of the data controller, but who is not an employee of the data controller.

Who is a data subject?

A ‘data subject’ is any living individual who is the subject of personal data. There are no age restrictions on who qualifies as a data subject, but the definition does not extend to individuals who are deceased.

Are we required to notify?

An organisation must not process any personal data unless it has first notified the Information Commissioner of certain particulars, including:

the organisation’s name and address

the purposes for which the data are to be processed

any proposed recipients of the data

countries outside the European Economic Area to which the data could be disclosed.