The Data Protection Act 1998
The Data Protection Act is primarily there to protect personal information from being misused. As a UK organisation, you are legally obliged to comply with this Act, subject to some exemptions.
The Key Principles…
- Personal information should be kept for no longer than necessary.
- Individuals have a right to access any personal information held about them (with some legal exceptions).
- Companies holding personal information have a legal obligation to make sure it is secure, both technically and physically.
- Data can only be used for the specific purpose for which it was collected.
- Apart from some exceptions for companies that only do very simple processing (or non-commercial use), all organisations processing personal information must register with the Information Commissioner’s Office.
- Data on an individual must not be disclosed to a third party without that individual’s consent, except in cases where there is a legitimate reason, i.e. prevention or detection of crime.
- Personal information may not be transmitted outside of the European Economic Area (EEA) without consent from the person concerned, unless adequate protection is in place, e.g. use of a prescribed form of contract to govern the transmission of data.
At Linear Blue, we can make sure your database system has the appropriate security measures in place and complies with all relevant sections of the 1998 Act.