Data Protection Act 1998

Question 1

Name the 8 principles.

Answer 1

1. Collected and processed fairly and lawfully.
2. Collected and used only for specified and lawful purpose(s).
3. Adequate, relevant and not excessive.
4. Accurate and up-to-date.
5. Kept no longer than necessary.
6. Processed in accordance with rights of data subjects.
7. Kept secure.
8. Not transferred outside EU unless adequate levels of protection.

Question 2

Who are the 4 people involved in the DPA?

Answer 2

• Information Comissioner - Data must be registered to this person before it can be gathered. Is a non-departmental public body which reports directly to Parliament.
• Data Controller - Person in a company who decides what data should be collected.
• Data Subject - Person who the data is held about.
• Data user - Person who uses the data.

Question 3

What is personal data?

Answer 3

Data about a living individual which may identify them.

e.g:

• Name.
• Address.
• Medical details or banking details.

Sensitive personal data includes one or more details of a data subject’s:

• Racial or ethnic origin.
• Political opinions.
• Religion.
• Membership of a trade union.
• Health.
• Sex life.
• Criminal activity.

Question 4

What are your rights?

Answer 4

• You can see and request personal data - however, this may come at a fee.
• You can request data is deleted.
• You can claim compensation if data is not removed.