Data Protection Act 2018
The Data Protection Act 2018 (c 29) is a law passed by the British government in 2018, and replaces the one passed in 1998.
Long title | An Act to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information; to make provision for a direct marketing code of practice; and for connected purposes. |
---|---|
Territorial extent | United Kingdom of Great Britain and Northern Ireland |
Dates | |
Royal Assent | 23 May 2018 |
Commencement | May 2018 |
Status: Current legislation | |
Text of the Data Protection Act 2018 as in force today (including any amendments) within the United Kingdom, from legislation.gov.uk. |
It sets out rules for people who use or store data about living people and gives rights to those people whose data has been collected. The law applies to data held on computers or any sort of storage system, even paper records.
The law covers personal data which are facts like your address, telephone number, e-mail address, job history etc.
People who use the information are called data controllers. People who the data is about are called data subjects.
Main points of the Data Protection Act
This is a brief simplified summary of the main principles of the UK Data Protection Act.
This applies to information kept on staff, customers and account holders, for example;
- If you collect data about people for one reason, you must not use it for a different reason;
- You must not give people's data to other people or organisations unless they agree;
- People have the right to look at data that any organisations store about them;
- You must not keep the data for longer than you need to and it must be kept up to date;
- You must not send the data to places outside of the European Economic Area unless adequate levels of protection exist;
- Organisations that store data about people must register with the Information Commissioner’s Office;
- If you store data about people you must make sure that it is secure and well protected;
- If an organisation has data about you that is wrong, then you have a right to ask them to change it.