United Kingdom Encyclopedia of Law     Wiki Legal Encyclopedia (BETA)
What do you need to know about law? Search in more than 1.500.000 entries

Data Protection in United Kingdom

Definition of Data Protection

In accordance with the work A Dictionary of Law, this is a description of Data Protection : Safeguards relating to personal data, i.e. personal information about individuals that is stored on a computer and on “relevant manual filing systems”. The principles of data protection, the responsibilities of data controllers (formerly data users under the Data Protection Act 1984), and the rights of data subjects are governed by the Data Protection Act 1998, which came into force on 1 March 2000.

The 1998 Act extends the operation of protection beyond computer storage, replaces the system of registration with one of notification, and demands that the level of description by data controllers under the new Act is more general than the detailed coding system required under the Data Protection Act 1984. Under the 1998 Act, the eight principles of data protection are:

(1) The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully.

(2) Personal data shall be held only for specified and lawful purposes and shall not be used or disclosed in any manner incompatible with those purposes.

(3) Personal data held for any purpose shall be relevant to that purpose and not excessive in relation to the purpose(s) for which it is used.

(4) Personal data shall be accurate and, where necessary, kept up to date.

(5) Personal data held for any purpose shall not be kept longer than necessary for that purpose.

(6) Personal data shall be processed in accordance with the rights of data subjects.

(7) Appropriate technical and organizational measures shall be taken against unauthorized and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

(8) Personal data shall not be transferred to a country or territory outside the European Community area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Data controllers must now notify their processing of data (unless they are exempt) with the Information Commissioner via the telephone, by requesting, completing, and returning a notification form, or by obtaining such a form from the website (http://www.dpr.gov.uk/notify/1.html). Notification is renewable annually; a data controller who fails to notify his processing of data, or any changes that have been made since notification, commits a criminal offence.

The Information Commissioner can seek information (via an information notice) and ultimately take enforcement action (via an enforcement notice) against data controllers for noncompliance with their full obligations under the 1998 Act. Appeals against decisions of the Information Commissioner may be made to the Data Protection Tribunal, which comprises a chairperson and two deputies (who are legally qualified) and lay members (representing the interests of the data controllers and the data subjects). There are other strict liability criminal offences under the 1998 Act other than non-notification. They include (1) obtaining, disclosing (or bringing about the disclosure), or selling (or advertising for sale) personal data, without consent of the data controller; (2) obtaining unauthorized access to data; (3) asking another person to obtain access to data; and (4) failing to respond to an information and/or enforcement notice.

Data subjects have considerable rights conferred on them under the 1998 Act. They include: (1) the right to find out what information is held about them; (2) the right to seek a court order to rectify, block, erase, and destroy personal details if these are inaccurate, contain expressions of opinion, or are based on inaccurate data; (3) the right to prevent processing where such processing would cause substantial unwarranted damage or substantial distress to themselves or anyone else; (4) the right to prevent the processing of data for direct marketing; (5) the right to compensation from a data controller for damage or damage and distress caused by any breach of the 1998 Act; and (6) the right to prevent some decisions about data being made solely by automated means, where those decisions are likely to significantly affect them.


See Also

Further Reading

Buy your Vintage Company Today

A vintage ready made (or vintage off the shelf) company is one that has already been formed at Companies House a long time ago; a registered company with a company number available for immediate use.
  • UP TO DATE. All our vintage ready-made companies are up to date, with dormant statutory filing.
  • AVAILABLE IMMEDIATELY. Company number is available for immediate use.
  • COMPETITIVE PRICES. Vintage company prices vary depending on date of formation, but we have the best prices.
Prices by year of formation:
  • 17-Jun-03: £4.900
  • 25-Jun-03: £4.900
  • 30-sep-03: £4.800
  • 04-Jan-05: £3.900
  • 17-Oct-05: £3.700
  • 17-Oct-05: £3.700
  • 13-Jul-07: £2.900
If you would like to buy 3 UK Vintage Shelf Companies or more, we would like to offer you discounts on net prices. Contact us to law@braxton.uk.com.

Law is our Passion

This entry about Data Protection has been published under the terms of the Creative Commons Attribution 3.0 (CC BY 3.0) licence, which permits unrestricted use and reproduction, provided the author or authors of the Data Protection entry and the Encyclopedia of Law are in each case credited as the source of the Data Protection entry. Please note this CC BY licence applies to some textual content of Data Protection, and that some images and other textual or non-textual elements may be covered by special copyright arrangements. For guidance on citing Data Protection (giving attribution as required by the CC BY licence), please see below our recommendation of "Cite this Entry".

Cite this entry

Legal Citations Generator

(2015, 06). Data Protection lawi.org.uk Retrieved 01, 2021, from https://lawi.org.uk/data-protection/

06 2015. 01 2021 <https://lawi.org.uk/data-protection/>

"Data Protection" lawi.org.uk. lawi.org.uk, 06 2015. Web. 01 2021. <https://lawi.org.uk/data-protection/>

"Data Protection" lawi.org.uk. 06, 2015. Accesed 01 2021. https://lawi.org.uk/data-protection/

MacCallum, 'Data Protection' (lawi.org.uk 2015) <https://lawi.org.uk/data-protection/> accesed 2021 January 16

Usage Metrics

542 Views. 439 Visitors.

Google Scholar: Search for Data Protection Related Content


Schema Summary

  • Article Name: Data Protection
  • Author: MacCallum
  • Description: Definition of Data Protection In accordance with the work A Dictionary of Law, this is a description of Data Protection : [...]

This entry was last updated: November 4, 2020



Data Protection

Recent Comments