What is happening in data protection 1988? Now that the Data Protection Act 1998 has been by the Data Protection Act 2018, a comparison can be between the two Acts. In this article, we will discuss the functions of data protection before.
Happening In Data Protection 1988
The Data Protection Act 1998 was a UK Act of Parliament that governs the processing. Also, storage of personal information about individuals.
It applies to any business that holds or processes information about people in the UK. Also, EU, regardless of where the business is headquartered.
The 1998 Act was from time to time, with the key amendments being the Data Protection Act 2018. Also, the Data Protection Act 1998 required that organizations register. It is with the Information Commissioner’s Office (ICO) if they held health records, and with the local police if they had more than one person working there.
In very simple terms, the Act was to protect personal information from being accidentally lost or abused by anyone who wanted to use it for their purposes.
This could include a company that sells personal information about you. It is to other companies (which could then trouble you with unwanted junk mail or even try to scam you), or an employee.
The main objectives of the Data Protection Act 1998 were
Personal data held on computer systems are by the Act and this is in s. 1(1). It excludes data in transit, data that has not been by a person. Also, it is for any purpose, data that is not information, and data in such a way that it cannot be decrypted.
Data subject: A person who is the subject of personal data.
Data controller: A person who determines how and why personal data are – for example, a company that collects information about its employees.
Principles of the Act
The Data Protection Act 1998 grew from European law and as such was a wide interpretation. The principles of the Act are;
Personal data. Processed fairly and lawfully. Also, collected only for specified, explicit, and legitimate purposes.
Adequate, relevant, and not excessive for the purposes for which they are processed. For example, it may be reasonable to keep payment details for several years, but not for a lifetime.
Accurate and up to date. For example, that person’s address should be the one on file with the electoral register or the Royal Mail’s National Change of Address service.
Not kept any longer than necessary in light of the purpose they were for or if they need to be to protect the subject’s vital interests.
For example, if you do not have a current email address, then it might be necessary to keep your old address on file for a certain period.
The Data Protection Act 1998 is to protect the privacy of individuals. It is to ensure that they are not subject to the misuse of their personal information.
This could be by an individual or by a third party such as a government agency or a large corporation.