Why is it important for your organisation to comply with the Data Protection Act?
The Data Protection Act 1998 (“DPA”) lays down eight data protection principles that any organisation processing data of individuals must comply with.
What does the DPA cover?
The DPA came into force on 1 March 2000. The DPA implemented the European Union (“EU”) Directive on data protection into UK law, introducing radical changes to the way in which personal data regarding identifiable living individuals can be used. The continual need for businesses to process personal data means that the DPA impacts upon most organisations, irrespective of size. Additionally, the public’s increasing awareness of their right to privacy means that data protection will remain an important issue.
The DPA makes a distinction between personal data and sensitive personal data. Personal data includes personal data relating to employees, customers, business contacts and suppliers. Sensitive data covers an individual’s ethnic origin, medical conditions, sexual orientation and eligibility to work in the UK. The data protection principles set out the standards which an organisation must meet when processing personal data. These principles apply to the processing of all personal data, whether those data are processed automatically or stored in structured manual files.
What is data?
Data means information which is processed by computer or other automatic equipment, such as word processors, databases and spreadsheet files; information which is recorded on paper with the intention of being processed later by computer; or information which is recorded as part of a manual filing system, where the files are structured according to the names of individuals or other characteristics, such as payroll number, and where the files have sufficient internal structure so that specific information about a particular individual can be found quickly.
What are the eight data protection principles?
The eight data protection principles are as follows:
Personal data must be processed fairly and lawfully
Personal data must be obtained only for specified and lawful purposes and must not be processed further in any manner incompatible with those purposes
Personal data must be adequate, relevant and not excessive in relation to the purposes for which they were collected
Personal data must be accurate and, where necessary, kept up to date
Personal data must not be kept longer than is necessary for the purposes for which they were collected
Personal data must be processed in accordance with the rights of data subjects
Personal data must be kept secure against unauthorised or unlawful processing and against accidental loss, destruction or damage
Personal data must not be transferred to countries outside the European Economic Area unless the country of destination provides an adequate level of data protection for those data.
What data comprises personal data?
Personal data relates to data of living individuals who can be identified from those data, or from those data and other information which is in the possession of the data controller or which is likely to come into its possession, for example, names, addresses and home telephone numbers of employees.
What data comprises sensitive data?
Sensitive personal data (“sensitive data”) consist of information relating to a data subject’s (individual’s):
racial or ethnic origin
political opinions
religious beliefs or other related beliefs
trade union membership
physical or mental health or condition
sexual orientation
commission or alleged commission of any offences, convictions or criminal proceedings involving the data subject.
What is the meaning of processing under the DPA?
The definition of ‘processing’ is very broad. It covers any operation carried out on the data and includes obtaining or recording data, the retrieval, consultation or use of data, and the disclosure or otherwise making available of data.
Who is a data controller?
A ‘data controller’ is any person who (alone or jointly with others) decides the purposes for which, and the manner in which, the personal data are processed. The data controller will therefore be the legal entity which exercises ultimate control over the personal data. Individual managers or employees are not data controllers.
The data controller is responsible for:
Personal data about identifiable living individuals
Deciding how and why personal data are processed
Information handling – complying with the eight data protection principles
Obtaining data subjects’ consent for processing sensitive data
Current procedures for handling sensitive or personal data
Security measures to safeguard personal data
Notification
Who is a data processor?
A ‘data processor’ is a person or organisation who processes the data on behalf of the data controller, but who is not an employee of the data controller.
Who is a data subject?
A ‘data subject’ is any living individual who is the subject of personal data. There are no age restrictions on who qualifies as a data subject, but the definition does not extend to individuals who are deceased.
Are we required to notify? What does notification mean?
An organisation must not process any personal data unless it has first notified the Information Commissioner of certain particulars, such as:
the organisation’s name and address
the purposes for which the data are to be processed
any proposed recipients of the data
countries outside the European Economic Area to which the data may be disclosed.