• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

The Data Protection Act

Extracts from this document...

Introduction

The Data Protection Act contains eight Data Protection Principles. These state that all data must be: - Processed fairly and lawfully - Obtained & used only for specified and lawful purposes - Adequate, relevant and not excessive - Accurate, and where necessary, kept up to date - Kept for no longer than necessary - Processed in accordance with the individuals rights (as defined) - Kept secure - Transferred only to countries that offer adequate data protection The legislation underpinning these principles is extremely complex. It is not suitable for direct devolution to all the (lay) staff/managers who may have responsibility for personal data. Nor does it, on its own, provide a measure of compliance. Hence the need for supporting products and information. Terms and definitions. PERSONAL DATA- In this Act, unless the context otherwise requires- "data" means information which- (a) is being processed by means of equipment operating automatically in response to instructions given for that purpose, (b) is recorded with the intention that it should be processed by means of such equipment, (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, or (d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68; "data controller" means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed; "data processor", in relation to personal data, means any person (other than an employee of the data controller) ...read more.

Middle

DATA SUBJECT- References in this Act to the data protection principles are to the principles set out in Part I of Schedule 1. (2) Those principles are to be interpreted in accordance with Part II of Schedule 1. (3) Schedule 2 (which applies to all personal data) and Schedule 3 (which applies only to sensitive personal data) set out conditions applying for the purposes of the first principle; and Schedule 4 sets out cases in which the eighth principle does not apply. (4) Subject to section 27(1), it shall be the duty of a data controller to comply with the data protection principles in relation to all personal data with respect to which he is the data controller. DATA CONTROLLER- Except as otherwise provided by or under section 54, this Act applies to a data controller in respect of any data only if- (a) the data controller is established in the United Kingdom and the data are processed in the context of that establishment, or (b) the data controller is established neither in the United Kingdom nor in any other EEA State but uses equipment in the United Kingdom for processing the data otherwise than for the purposes of transit through the United Kingdom. (2) A data controller falling within subsection (1)(b) must nominate for the purposes of this Act a representative established in the United Kingdom. (3) For the purposes of subsections (1) and (2), each of the following is to be treated as established in the United Kingdom- (a) ...read more.

Conclusion

(2) A notification under this section must specify in accordance with notification regulations- (a) the registrable particulars, and (b) a general description of measures to be taken for the purpose of complying with the seventh data protection principle. (3) Notification regulations made by virtue of subsection (2) may provide for the determination by the Commissioner, in accordance with any requirements of the regulations, of the form in which the registrable particulars and the description mentioned in subsection (2)(b) are to be specified, including in particular the detail required for the purposes of section 16(1)(c), (d), (e) and (f) and subsection (2)(b). (4) Notification regulations may make provision as to the giving of notification- (a) by partnerships, or (b) in other cases where two or more persons are the data controllers in respect of any personal data. (5) The notification must be accompanied by such fee as may be prescribed by fees regulations. (6) Notification regulations may provide for any fee paid under subsection (5) or section 19(4) to be refunded in prescribed circumstances. Exemtions EXEMPTION FROM SECTION 22 19. Processing which was already under way immediately before 24th October 1998 is not assessable processing for the purposes of section 22. Offences Under The Act (1) If section 17(1) is contravened, the data controller is guilty of an offence. (2) Any person who fails to comply with the duty imposed by notification regulations made by virtue of section 20(1) is guilty of an offence. (3) It shall be a defence for a person charged with an offence under subsection (2) to show that he exercised all due diligence to comply with the duty. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Peer reviewed

    The Data Protection Act

    4 star(s)

    medical records). I also have personal information held about me held in my bank's client database. It is very important that any of this information held about me is not shared with anyone who can misuse it, and who has no lawful reason to access it.

  2. Data Protection Act

    Ones of those is putting a screen in front of any VDU's. This is so that the workers don't damage their eye from continually looking at a screen. To check that the worker hasn't damaged their eyes they have regular eye tests.

  1. Data Protection Act

    It was passed in order to protect the rights of individuals who have data relating to them stored on computers file by an organisation or the owner of the data. The rapid development in the use of information and communication technology has led to legislation about the collection, storage, processing and distribution of personal data.

  2. The Data Protection Act 1998 - questions and answers

    employees, what type of information is held, where you intend to get the information from and who you intend to disclose it to. How much does it cost? Registration under the 1984 Act costs �75 for three years. This may change under the 1998 Act as notification is likely to

  1. 3E-The legislation that protects individuals and groups from the misuse of ICT

    be used when an individual living in Leyton consents and enables the organisation. If individuals information is used without there permission, then further action can be taken which could cause an organisation to perish. The law in place ensures safety and more confidentiality.

  2. Privacy and Data Protection: IT Law

    to the individual (opt-out).9 Data processors also invoke the Fifth Amendment, which guarantees the right to property, but this argument is even more controversial.10 II. Privacy Law in Europe: a comprehensive, general law 1.) The Directives The general opinion in Europe is that the legislator has a role in ensuring

  1. Legal Aspects of Using Information Technology

    the removal or correction of any inaccurate data about them The seventh principle requires data controllers to make sure that they have in place, 'adequate security and technical measure' to protect personal data from abuse, loss, destruction or damage. The purpose of the principle is to make sure that the

  2. Computer Legislation.

    * A person guilty of an offence under(section 2) shall be liable on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work