Data Protection Act (1988)

The Data Protection Act of 1988 dictates how personal information can be used by businesses, government, and individuals - to ensure that it is used fairly and lawfully, with sufficient security.

Preface

As a member state of the European Union, the United Kingdom has to have legislation that is compliant with EU Directives. The directive responsible for the Data Protection Act is the aptly named Data Protection Directive, whose purpose is to ensure there is sufficient data protection within the European Economic Area.

With the introduction of the World Wide Web, many have taken to making their services available through 'the web' - giving convenience to consumers, but making it all the more difficult to enforce Data Protection laws worldwide. As they say, "a chain is only as strong as its weakest link".

This presents a challenge not only for enforcing the Data Protection Act, but also because the act was designed in a time prior to the World Wide Web. Hence there have been plenty of revisions to the legislation introduced since 1988. Perhaps most notably, the European Union identified that the Data Protection Directive and domestic legislation in some EU member states fell short, leading to its development of the General Data Protection Regulation, which is not a directive but applicable legislation in every EU member state. The GDPR has been designed for modern times, taking into account the World Wide Web and the pains involved in having data spread all over the world.

The General Data Protection Regulation (GDPR) will come into effect in May 2018.

Principles

The act is based on a number of principles, inherited from the Data Protection Directive.

  • Data should be used fairly, and in compliance with the law.
  • Data should only be used for the purposes specified.
  • Data should be adequate, and should not be excessive for the purposes specified.
  • Data should be accurate.
  • Data should not be kept any longer than is required.
  • Data should be handled in accordance with people's rights.
  • Data should be kept safely and securely.
  • Data should only be transferred within the European Economic Area, or to an area with adequate protection.


Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Mozilla Public License 2.0.