Data Protection Act - Lakelands Computing

The Data Protection Act (2018)
Computers can hold huge amounts of data. Amongst that is going to be people's personal data. Modern databases make that information very easy to find. Such information could easily be misused - to help stop that happening the UK Government created the Data Protection Act in 1988. This was updated in 2018 to include the European GDPR (General Data Protection Regulation) rules. I use the word companies when explaining the principles but this applies equally to individuals and all organisations.

Here are the 6 basic principles

1) Data must be processed fairly, lawfully and in a transparent way : Companies must have a genuine, legitimate reason for collecting the data, they must tell you what they are going to use that data for, and they must ask your explicit permission (consent).

2) Collected for Specified, Limited Purposes : Companies can only use the data for the purpose they have told you about / you have given permission for, and nothing else.

3) Minimal Data : Companies should collect the minimal (smallest amount of) data that they need. For example, if they need to send letters then name and address is fine; age, gender and email are not. Data must also be deleted when it is no longer needed.

4) Accurate and up to date : Data must be accurate and it must be kept up to date. It must be easy to update, and companies must do so when they find out it is inaccurate. Inaccurate data must be deleted.

5) Kept no longer than needed, and in a way that this can be easily identified : Data can only be kept while the company has a legitimate need for it (e.g. for an address, they can keep it for as long as they need to send you letters). However, data must be securely deleted when it is no longer needed (and must be stored in a way that makes this easy to do). It must also be deleted when a customer asks for it to be (right to be forgotten).

6) Kept secure : Data must be kept safe and secure. It must be processed in a secure manner (this includes any third parties doing such work). People must not be able to access the data without proper authorisation - that includes accessing it in a room, on a computer or by hacking. Data must be protected from accidental loss, destruction or damage. Put simply, the company has to look after it - make sure no one sees it who shouldn't and make sure it can't be stolen or corrupted.
 
Demonstrable compliance : Companies (and the people responsible for the data in them [Data Controllers]) must be able to demonstrate exactly how they are complying with (following) the above principles.
All Text copyright Lakelands Academy & Mr T Purslow 2020.
All images copyright free / creative commons unless otherwise stated.
You are welcome to use under a Creative Commons Attribution-nonCommercial-ShareAlike License.