Internet users concerned with consumer privacy policies and data protection rights should understand the scope of the Data Protection Act 1998. Parliament updated the Data Protection Act 1998 in 2018 to match European data protection laws, expanding accountability and consent requirements. That said, you can find many of the basic principles of the GDPR 2018 in the 1998 data protection law. So, keep scrolling to learn what the Data Protection Act 1998 is.
Insider Tip
Consumers based in the UK and EU can submit a Data Subject Access Request (DSAR) to see what information private and public bodies hold about them.
The DPA 1998 refers to individuals whose personal data is being collected as data subjects. The eight data protection principles in the DPA 1998 are designed to ensure that subject data is processed fairly and used for lawful purposes. Additionally, these guidelines apply to official authorities, health services, and private companies.
Companies must obtain explicit consent to collect subject data and only use it for lawful purposes. The DPA includes a Fair Processing Notice that requires data-collecting organizations to disclose who they are, what the data is for, and who can access the data.
Data collectors cannot use subject data for unlawful purposes or unfair business practices. Additionally, information should not be used for purposes other than the reason disclosed to data subjects.
Entities should only collect the subject data they need for their intended and disclosed business goals. In other words, companies should only collect the minimum amount of data for their stated purpose. For example, a company should not store your name, credit card, or phone number if all they need is your email address.
Subject data must be accurate, and companies must delete the data when it is no longer up to date. All inaccurate and outdated information must be deleted and is no longer eligible for business or marketing purposes.
Companies cannot keep subject data for longer than necessary to accomplish the originally intended purpose. This principle places a limit on how long data processors can keep personal data.
Companies that collect personal data must respect the rights of individuals over their own information. Additionally, data processors must prevent damaging processing and direct marketing. Organizations must correct inaccurate data and grant access to data subjects.
Warning
Companies that process personal data without explicit consent or fail to implement adequate privacy practices are subject to legal proceedings and fines.
This principle states that data controllers must prevent accidental damage to, destruction of, or loss of subject data. Additionally, they must prevent unlawful and unauthorized access to subject data.
Companies cannot transfer information outside of the EU unless the destination territory guarantees similar subject data rights and regulations.
STAT: A 2019 Pew Research Center survey showed that 81% of Americans thought the potential risk of companies collecting data outweighs the benefits.