Data Protection Act 1984 - Definition and Overview

The Data Protection Act 1984 is a British Act of Parliament that provides a legal basis for the privacy and protection of data of UK citizens and businesses. Data disclosed by a party to another party may only be used for the specific purposes it was disclosed for. The data can only be kept for an appropriate length of time and must not be disclosed to other parties (without consent of data owner). The Act provided for a regulatory authority, the Data Protection Registrar, to oversee implementation of and adherence to the Act.

It was followed up by the Data Protection Act 1998, actually an implementation of European Union Directive 95/46/EC which, amongst other measures, expanded the remit of the DPR and renamed the position to the Data Protection Commissioner.

Most recently, the Freedom of Information Act 2000 further expanded the rôle to include freedom of information and the job title was changed to Information Commissioner.

The UK DPA has a reputation for complexity. While the basic principles are lauded for protecting privacy, interpreting the act is not always simple.

Data Protection Principles

Personal data must be -

1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in situ.

External links

• The Data Protection Act Explained (http://www.dataprotectionact.org)