• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

The Data Protection Act

Extracts from this document...

Introduction

The Data Protection Act contains eight Data Protection Principles. These state that all data must be: - Processed fairly and lawfully - Obtained & used only for specified and lawful purposes - Adequate, relevant and not excessive - Accurate, and where necessary, kept up to date - Kept for no longer than necessary - Processed in accordance with the individuals rights (as defined) - Kept secure - Transferred only to countries that offer adequate data protection The legislation underpinning these principles is extremely complex. It is not suitable for direct devolution to all the (lay) staff/managers who may have responsibility for personal data. Nor does it, on its own, provide a measure of compliance. Hence the need for supporting products and information. Terms and definitions. PERSONAL DATA- In this Act, unless the context otherwise requires- "data" means information which- (a) is being processed by means of equipment operating automatically in response to instructions given for that purpose, (b) is recorded with the intention that it should be processed by means of such equipment, (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, or (d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68; "data controller" means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed; "data processor", in relation to personal data, means any person (other than an employee of the data controller) ...read more.

Middle

DATA SUBJECT- References in this Act to the data protection principles are to the principles set out in Part I of Schedule 1. (2) Those principles are to be interpreted in accordance with Part II of Schedule 1. (3) Schedule 2 (which applies to all personal data) and Schedule 3 (which applies only to sensitive personal data) set out conditions applying for the purposes of the first principle; and Schedule 4 sets out cases in which the eighth principle does not apply. (4) Subject to section 27(1), it shall be the duty of a data controller to comply with the data protection principles in relation to all personal data with respect to which he is the data controller. DATA CONTROLLER- Except as otherwise provided by or under section 54, this Act applies to a data controller in respect of any data only if- (a) the data controller is established in the United Kingdom and the data are processed in the context of that establishment, or (b) the data controller is established neither in the United Kingdom nor in any other EEA State but uses equipment in the United Kingdom for processing the data otherwise than for the purposes of transit through the United Kingdom. (2) A data controller falling within subsection (1)(b) must nominate for the purposes of this Act a representative established in the United Kingdom. (3) For the purposes of subsections (1) and (2), each of the following is to be treated as established in the United Kingdom- (a) ...read more.

Conclusion

(2) A notification under this section must specify in accordance with notification regulations- (a) the registrable particulars, and (b) a general description of measures to be taken for the purpose of complying with the seventh data protection principle. (3) Notification regulations made by virtue of subsection (2) may provide for the determination by the Commissioner, in accordance with any requirements of the regulations, of the form in which the registrable particulars and the description mentioned in subsection (2)(b) are to be specified, including in particular the detail required for the purposes of section 16(1)(c), (d), (e) and (f) and subsection (2)(b). (4) Notification regulations may make provision as to the giving of notification- (a) by partnerships, or (b) in other cases where two or more persons are the data controllers in respect of any personal data. (5) The notification must be accompanied by such fee as may be prescribed by fees regulations. (6) Notification regulations may provide for any fee paid under subsection (5) or section 19(4) to be refunded in prescribed circumstances. Exemtions EXEMPTION FROM SECTION 22 19. Processing which was already under way immediately before 24th October 1998 is not assessable processing for the purposes of section 22. Offences Under The Act (1) If section 17(1) is contravened, the data controller is guilty of an offence. (2) Any person who fails to comply with the duty imposed by notification regulations made by virtue of section 20(1) is guilty of an offence. (3) It shall be a defence for a person charged with an offence under subsection (2) to show that he exercised all due diligence to comply with the duty. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. The Data Protection Act 1998 - questions and answers

    employees, what type of information is held, where you intend to get the information from and who you intend to disclose it to. How much does it cost? Registration under the 1984 Act costs �75 for three years. This may change under the 1998 Act as notification is likely to

  2. Data Protection Act

    It was passed in order to protect the rights of individuals who have data relating to them stored on computers file by an organisation or the owner of the data. The rapid development in the use of information and communication technology has led to legislation about the collection, storage, processing and distribution of personal data.

  1. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    Hacking also became much more dangerous as it allowed people access to data which could be extremely important and fatal to be in the hands of someone that it doesn't belong to. For example, a hacker could add a 'key logging' virus which essentially logs all the keys pressed and sends it back to the hacker.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    The act should state the protection type needed for all the different data types that can be stored. Some of these data may be highly crucial, which may need to be highly secured and some of them maybe minimally vital, which may need less protection.

  1. ICT - Data Protection

    It just makes them follow rules. The people involved 1. The Information Commissioner is the person (and her office) who has powers to enforce the Act. 2. A data controller is a person or company that collects and keeps data about people. 3. A data subject is someone who has data about them stored somewhere, outside their direct control.

  2. The legislation that protects individuals and groups from the misuse of ICT

    The employer should also be forced to take the statutory responsibility more serious, bigger penalties and punishments should be introduced to deter organisations spending a small amount of money to ensure the welfare and safety of its employees. It should also be made compulsory that every year every member of

  1. Data Protection Act

    your child and that we are sending this to the school database. This sheet would be used to find out things like medical reasons and contact numbers. The school will need to send out copies of this sheet to ensure that it is correct.

  2. Data protection act

    The law also stops trade marked and copyrighted information or designs, for example Microsoft. The law also says that if you copy something say of a book or the internet you must put a quote saying where it's from.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work