1
The Data Protection Act 1998
2
What the Act covers
The misuse of personal data by organisations and businesses.
3
The terms used in the Act
You will need to be able to define each of the following terms:
Personal data – data about a living identifiable person, which is specific to that person.
Data subject – the living individual whom the personal information is about.
Data holder/controller – the person whose responsibility it is in an organization to control the way that personal data is processed.
Information Commissioner – the person responsible for enforcing the Act. They also promote good practice and make everyone aware of the implications of the Act.
4
Personal data
Personal data is: data about an identifiable person; who is living; and is specific to that person.
Can include: date of birth, medical details, credit history, salary, qualifications, religious beliefs, etc.
5
Notification by the data holder
The Information Commissioner needs to know that an organization is processing personal information. Notification involves the data holder telling the Information Commissioner what personal data is processed and why it is processed.
6
Subject access
Subjects are able to see information held. The purpose is to let them check it is correct.
If information is wrong they have the right either:
to compensation if they have incurred loss or injury as a result; or
to have the information changed or deleted.
7
Exemptions 1
Where data is used for personal, family or household use.
Where data is used for preparing text (e.g. references).
Where data is being used for calculation of pay or pensions.
Where data is being used for mailing lists provided only name and address details are stored.
8
Exemptions 2
Data used for the prevention or detection of crime.
Data used for the apprehension or prosecution of offenders.
Data used for the assessment or collection of tax or duty.
9
The Data Protection Principles
The Data Protection Act 1998 contains eight Data Protection Principles. Anyone processing personal information has to process data according to these principles.
10
Principle 1
Personal data shall be processed fairly and lawfully.
11
Principle 2
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
12
Principle 3
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
13
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
14
Principle 5
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
15
Principle 6
Personal data shall be processed in accordance with the rights of data subjects under this Act.
16
Principle 7
Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
17
Principle 8
Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.