Data Protection Act definition
Definition:
The Data Protection Act controls how personal and customer information is used by organisations or by government bodies. It requires everyone who collects data to follow strict guidelines and data and privacy policies, whilst also keeping information safe.
The Data Protection Act's rules are very thorough and cover the sharing of data and data security. At the heart of it are eight common-sense rules known as the 'data protection principles'.
These principles require any organisation, corporation or governmental body that collects personal information to handle it safely. Anyone collecting personal and customer information must:
- Fairly and lawfully process it
- Process it only for limited, specifically stated purposes
- Use the information in a way that is adequate, relevant and not excessive
- Use the information accurately
- Keep the information on file no longer than absolutely necessary
- Process the information in accordance with your legal rights
- Keep the information secure
- Never transfer the information outside the UK without adequate protection
The Data Protection Act states that all organisations collecting and using personal information are legally required to comply with these principles.
The law provides stronger protection for more sensitive information - such as your ethnic background, political opinions, religious beliefs, health, sexual life or any criminal history.
The Act is enforced by an independent information commissioner, who can take action against any company or governmental body that fails to protect its data, or that abuses its right to collect and hold that information.
Related information
- Find out how you can manage your data correctly, to ensure that you are compliant with the Data Protection Act. Visit our Contact Data Management page for further details.
- You can also read our Experian QAS Privacy Policy.