This guide explains the principles of the Data Protection Act 2018 (citation: c. 12). This UK Act of Parliament protects personal data stored in paper filing systems and on computers.
DPA PRINCIPLES: The guidelines control how your personal information gets stored and used. The government, businesses, and organisations must all follow the rules of the Data Protection Act.
Stronger legal protection applies to the most sensitive information such as an individual's:
Note: The United Kingdom uses the Data Protection Act 2018 to update and implement the General Data Protection Regulation (GDPR).
Anyone who uses people's personal data must follow the strict 'data protection principles'. That means they have a duty to ensure that the information is:
The Data Protection Act 2018 gives individuals several rights. One of them allows you to find out what details the government and organisations store and use about you.
According to the laws on data protection, you have the right to:
Your rights also apply when an organisation uses your personal data for:
You can write to an organisation and ask them for a copy of the information that they hold about you. Address the letter to the Data Protection Officer (DPO) or company secretary if you are unsure who to send the letter to.
Note: If you request it, the law forces an organisation to give you a copy of the information that they hold about you. As a rule, you should get it without delay and no longer than one (1) month (unless there is a delay).
In some cases, organisations can withhold the information altogether from you. There is no requirement for them to inform you why they withhold it. Examples include situations that involve:
In most cases, organisations will not charge you a fee to provide the information they store. But some may make a charge to produce a large amount of information or if it is either:
The personal data that an employer can keep about an employee must be kept safe and up to date. The type of data that employers can keep about their employees (without requiring their permission) includes their:
Employers need permission from their employees to hold certain kinds of 'sensitive' data. Typical examples of data that employers need to keep more secure include:
Employers have thirty (30) days to provide a copy of the information if an employee makes a request to check what data is kept about them. Personal data should not be kept longer than necessary and all employers must follow UK rules on data protection.
What if you believe your data got misused or an organisation holding it failed to keep it secure? In cases such as these you should contact the organisation and inform them.
What if you are not satisfied with their response? Contact the Information Commissioner's Office if you need any further advice. They also have an 'ICO live chat' facility if you prefer an online conversation.
Information Commissioner's Office (ICO) Helpline
Wycliffe House Water Lane
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday: 9am to 4:30pm
Check call charges to 0303 numbers.
Note: The ICO can investigate your claim on your behalf. They can also take action against anyone who misuses personal data. The ICO website has further information on how to make a data protection complaint.
Data Protection Principles for Citizens Living in the United Kingdom