What is the Data Protection Act?

Enquire now

The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It protects people and lays down rules about how data about people can be used by organisations, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulations (GDPR).

The DPA also applies to information or data stored on a computer or an organised paper filing system about living people. Organisations that do not adhere to the rules set out by DPA risk prosecution by the Information Commissioner’s Office (ICO) where fines can reach up to £500,000 and even imprisonment.

Why is the Data Protection Act important?

The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data including:

  1. Regulating the processing of personal data
  2. Protecting the rights of the data subject
  3. Enabling the Data Protection Authority (The ICO) to enforce rules
  4. Holding organisations liable to fines in the event of a breach of the rules

The DPA’s rules are very thorough and cover rules around sharing of data, and data security. At the heart of it are eight common sense rules known as the 'data protection principles' that all organisations collecting and using personal information are legally required to comply with.

The law provides stronger protection for more sensitive information such as:

  • Ethnic background
  • Political opinions
  • Religious beliefs
  • Health
  • Sexual life
  • Criminal history

How can you successfully meet data regulation standards?

Ensuring you have the right technology, processes and people in place to handle the quality of the data that you hold was a key part of thriving under the DPA (and now the GDPR). Important activities you should consider include:

  1. Regular evaluation of the quality of the data that you hold and are continuing to collect. Contact Data Validation and Data Cleansing are good ways of doing this.
  2. Ensuring you have the right roles and responsibilities set out for your data’s management including the focal point of a Data Protection Officer.
  3. Analysis and profiling of your data to identify any potential gaps or issues that could cause problems to arise.

How does the GDPR differ from the DPA?

An Experian guide to GDPR

Learn all about the incoming data regulations, the key elements and how you can thrive under them in our new white paper ‘Defining the data powered future’.