Please enable JavaScript.
Coggle requires JavaScript to display documents.
Data Protection Act 1998 (Principles of the DPA, in order to comply with…
Data Protection Act 1998
-
Requires member states to protect the privacy rights and freedoms of individuals in the processing of personal date
The DPA is applicable whenever a data controlled processes personal and/or personal sensitive personal data
Processing is a wide definition which could include obtaining, storing, retrieving and more of personal data by a computer or by recording it in a structured manual filing system
Under the DPA, organisations which process data are required to notify the relevant authority (the Information Commissioner) of the purpose of processing the data and the manner in which they process it
-
Data controllers who wish to process sensitive personal data must also satisfy at least one of the conditions detailed within the DPA eg the controller must have the explicit consent of the individual, must be required by law to process the data (eg for employment purpose) or the processing must take place in order to protect the vital interests of the data subject
Principles of the DPA, in order to comply with the DPA, a data controller must adhere to these
-
-
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
-
Personal data processed shall not be kept for longer than is necessary for the purpose for which it was processed
-
Appropriate measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
Personal data shall not be transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects
-
-
Personal Data: Data that relates to a living individual (the data subject) who can be identified from that data
-