Data Protection Act

From TRCCompSci - AQA Computer Science
Revision as of 15:38, 18 March 2019 by 000031013

The Data Protection Act

The Data Protection Act is in place to protect people's data which is stored on servers and on companies' computers.

The Data Protection Act states that:

  • If you collect data, you must not use it for a different reason.
  • You must not share data with external sources.
  • People have the right to see data about themselves.
  • You must not keep data for longer than you need to and it must be up-to-date.
  • You must not send data outside the European Economic Area (EEA) to an area with lower protection.
  • People who store data must be registered with the Information Commissioner’s Office (ICO).
  • If you store data, the data must be protected and safe.
  • If companies have information about you that is wrong, it is your right to ask them to change it.

Your right to view/request

  • You can ask the organisation you think is holding, using or sharing the personal information you want, to supply you with copies of both paper and computer records and related information.
  • Data requests are fulfilled by an appointed data controller at an organisation.
  • Organisations may charge a fee of up to £10 (£2 if it is a request to a credit reference agency for information about your financial standing only).
  • There are special rules that apply to fees for paper-based health records (the maximum fee is currently £50) and education records (a sliding scale from £1 to £50 depending on the number of pages provided).
  • However, it is important to remember that not all personal information is covered and there are ‘exemptions’ within the Act which may allow an organisation to refuse to comply with your subject access request in certain circumstances.

GDPR (General Data Protection Regulation)

As of 2018, the Data Protection Act has changed. Alongside the laws that already exist from the 1998 Act, a few additional points have been amended, such as:

  • Penalties have become stricter. Companies can be fined up to €20,000,000 if data is not kept up to date and secure.