DPA Data Protection Act (UK)
The Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR). It governs how personal information is used by organizations, businesses, or the government.
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
- race
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- genetics
- biometrics (where used for identification)
- health
- sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
The Consumer Rights
You have the right to find out and control what information the government and other organizations store about you, including the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances