How the Data Protection Act works

The Data Protection Act was developed to give protection and lay down rules about how data about people can be used.

The 1998 Act covers information or data stored on a computer or an organised paper filing system about living people.

The basic way it works is by:

  1. setting up rules that people have to follow
  2. having an Information Commissioner to enforce the rules

It does not stop companies storing information about people. It just makes them follow rules.

The roles of those involved

Data controller, data subject and data commissioner
  1. The Information Commissioner is the person (and his or her office) who has powers to enforce the Act.
  2. A data controller is an organisation or individual (for example, when self-employed) who determines what data the organisation collects, how it is collected and how it is processed.
  3. A data subject is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers. This makes us all data subjects as there can be few people in the UK who do not feature in computer records somewhere.