Data Protection Act

Organisations handling personal information

Under  the Data Protection Act 1998 all organisations handling personal information must comply with eight principles. Anyone who  processes personal information must make sure that the personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The Data Protection Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

The Data Protection Act 1998 and the Freedom of Information Act 2000

The Data Protection Act and the Freedom of Information Act give people rights to see or receive information:

  • The Data Protection Act allows you access to see personal information held by all organisations.
  • The Freedom of Information Act allows you to see official information held by public authorities.
Does the Data Protection Act apply in all circumstances where an organisation holds personal information?

The Act does not apply if the information an organisation holds about you is not held on computer or is not on paper and not sorted by reference to individuals.

Are there any circumstances under the Data Protection Act where an organisation does not have any legal obligations?

There are circumstances under the Data Protection Act where an organisation will not have any legal obligations.

Does the Data Protection Act apply where an organisation holds information relating to businesses; companies or other organisations?

No, unless the information is personal information.

Can I get a copy of the personal information that an organisation is holding about me?

You can get a copy of personal information that an organisation is holding about you provided that it is on computer or on paper and sorted by reference to individuals. 

How do I get a copy of the personal information that an organisation is holding about me?

Make your request in writing to the person or organisation who is holding it.

Fee

An organisation can charge you a fee for giving you a copy of your personal information.  But, there are rules and a limit on how much they can charge.

I believe that an organisation holds personal information about me which is inaccurate. What can I do about it?

Write to the organisation or person holding the information.   Keep a copy of your correspondence. You may need it if you make a complaint.

Customer complaint

If you are unhappy with the way an organisation has dealt with your complaint about personal information you have various options:

  • contact the Information Commissioner’s Office
  • write to your local Member of Parliament (MP)
  • take the matter to court.

The Information Commissioner’s Office 

The Information Commissioner’s Office is an independent authority. It promotes openness of official information and protection of private information.  The Information Commissioner’s Office has legal powers to ensure that organisations comply with the Data Protection Act.