The Data Protection Act 1998 Flashcards
LO3
What is the Data Protection Act (DPA) 1998?
It is a law designed to protect personal data stored on computers or in an organised paper filing system.
It was created to protect individuals from misuse of this data.
Why is data protection important?
Good practice for organisations
Prevents fraud and cybercrimes
Prevents harm
Promotes trust
Avoids fines
What are the 8 key aspects of the DPA 1998?
Processed fairly and lawfully
Used only for the purposes for which it was intended
Adequate and relevant but not excessive
Accurate and kept up to date
Kept for no longer than necessary
Processed in line with the rights of the individual
Secured
Not transferred to other countries outside of the EU
What is the General Data Protection Regulation (GDPR)?
In May 2018 the government updated the DPA after 20 years.
It controls how your personal data is used by an organisation.
This was due to an increased use of the internet and social media within organisations.
What are the 7 principles of GDPR?
Fairness, lawfulness, transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
What does GDPR mean for service users?
Stronger legal protection for more sensitive information
Find out and access what information organisations hold about them
Be informed about how their data is used
Have incorrect data updated
Have data erased
Object to how data is being processed
What does GDPR mean for service providers?
All organisations that collect or use personal data must comply with GDPR
Take the right steps to protect data and identify risks to privacy
Consider whether the person needs to give their consent for the organisation to use their data
Decide if they need to appoint a data protection officer
Report any security breaches