Data Protection
The Data Protection Act (DPA) controls the collection, storage and processing of personal data.
- In the UK, European Union’s General Data Protection Regulation (GDPR)
- Protects personal data whether stored on paper or a computer system
Principles of the Data Protection Act
- Data must be processed lawfully, fairly, and transparently, with clear consent from the individual
- Data should only be collected for specific, explicit, and legitimate purposes
- Organisations should only collect and retain the minimum amount of personal data necessary for their stated purpose
- Data should be accurate and kept up to date, and reasonable steps must be taken to rectify or erase inaccurate information
- Personal data should not be kept for longer than necessary, and it should be securely deleted when no longer needed
- Organisations must protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage
Why is Data Protection Legislation Required?
- Protecting Individual Rights: Data protection legislation safeguards individuals' right to privacy and control over their personal information
- Preventing Misuse of Personal Data: It helps prevent unauthorised access, identity theft, fraud, and other forms of data misuse
- Promoting Trust: Data protection laws build trust between individuals and organisations by ensuring their personal information is handled responsibly
- Encouraging Responsible Data Handling: Legislation promotes responsible data collection, storage, and processing practices among organisations
- Enabling Data Subject Rights: Legislation grants individuals rights such as access to their data, right to rectification, erasure, and objection to processing