Why is it important for your organisation to comply with the Data Protection Act?
The Data Protection Act 1998 (“DPA”) lays down eight data protection principles that any organisation processing data of individuals will have to comply with.
What does the DPA cover?
The DPA came into force on 1 March 2000. The DPA implemented the European Union (“EU”) Directive on data protection into UK law, introducing radical changes to the way in which personal data concerning identifiable living people can be used. The constant need for organisations to access personal data means that the DPA impacts upon most organisations, irrespective of size. Furthermore, the public’s growing awareness of their right to privacy means that data protection will remain an important issue.
The DPA makes a distinction between personal data and personal sensitive data. Personal data includes personal information relating to employees, customers, business contacts and suppliers. Sensitive data covers an individual’s ethnic origin, medical conditions, sexual orientation and eligibility to work in the UK. The data protection principles set out the standards which an organisation must meet when processing personal data. These principles apply to the processing of all personal data, whether those data are processed automatically or stored in structured manual files.
What is data?
Data means information which is processed by computer or other automatic equipment, including word processors, databases and spreadsheet files, or information which is recorded on paper with the intention of being processed later by computer, or information which is recorded as part of a manual filing system, where the files are structured according to the names of individuals or other characteristics, such as payroll number, and where the files have sufficient internal structure so that specific information about a particular individual can be found easily.
What are the eight data protection principles?
The eight data protection principles are as follows:
Personal data must be processed fairly and lawfully
Personal data must be obtained only for specified and lawful purposes and must not be processed further in any manner incompatible with those purposes
Personal data must be adequate, relevant and not excessive in relation to the purposes for which they were collected
Personal data must be accurate and, where necessary, kept up to date
Personal data must not be kept longer than is necessary for the purposes for which they were collected
Personal data must be processed in accordance with the rights of data subjects
Personal data must be kept secure against unauthorised or unlawful processing and against accidental loss, destruction or damage
Personal data must not be transferred to countries outside the European Economic Area unless the country of destination provides an adequate level of data protection for those data.
What data comprises personal data?
Personal data relates to data of living people who can be identified from those data, or from those data and other information which is in the possession of the data controller or which is likely to come into its possession, for example, names, addresses and home telephone numbers of employees.
What data comprises sensitive data?
Personal sensitive data (“sensitive data”) consist of information relating to a data subject’s (individual’s):
racial or ethnic origin
religious beliefs or other related beliefs
trade union membership
physical or mental health or condition
commission or alleged commission of any offences
convictions or criminal proceedings involving the data subject.
What is the meaning of processing under the DPA?
The definition of ‘processing’ is very broad. It covers any operation carried out on the data and includes obtaining or recording data, the retrieval, consultation or use of data, and the disclosure or otherwise making available of data.
Who is a data controller?
A ‘data controller’ is any person who (alone or jointly with others) decides the purposes for which, and the manner in which, the personal data are processed. The data controller will therefore be the legal entity which exercises ultimate control over the personal data. Individual managers or employees are not data controllers.
The data controller is responsible for:
Personal data about identifiable living individuals
Deciding how and why personal data are processed
Information handling – complying with the eight data protection principles
Obtaining data subjects’ consent for processing sensitive data
Current procedures for handling sensitive or personal data
Security measures to safeguard personal data
Who is a data processor?
A ‘data processor’ is a person or organisation who processes the data on behalf of the data controller, but who is not an employee of the data controller.
Who is a data subject?
A ‘data subject’ is any living individual who is the subject of personal data. There are no age restrictions on who qualifies as a data subject, but the definition does not extend to people who are deceased.
Are we required to notify? What does notification mean?
An organisation must not process any personal data unless it has first notified the Information Commissioner of certain particulars, including:
the organisation’s name and address
the purposes for which the information are to be processed
any proposed recipients of the data
countries outside the European Economic Area to which the data may be disclosed.