Data Protection Act

The Data Protection Act 1998 which replaced the 1984 Act received Royal assent on 16th July 1998 and came fully into force in 1999.

As with the 1984 Act, the Act gives legal rights to individuals (data subjects) in respect of personal data held about them. The Act gives effect in UK law to EC Directive 95/46/EC (the Directive).

Purpose of the Act

The Data Protection Act 1998 is designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.

This applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.

They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of the Act by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Data Protection Commissioner for an assessment to be made of the data controller if they feel that the Act has been contravened.

For further information on the Data Protection Act and the Act itself please visit the website of the Information Commissioner using the link in the "Useful websites" panel.

A statement on the National Fraud Initiative Fair Processing requirement is available in the "Downloads" panel to the right.