Data Protection Act

What Is The Data Protection Act

The Data Protection Act controls how your personal information is used by organisations, businesses or the government.

Everyone responsible for using data has to follow strict rules called ‘data protection principles’.

The Rules

  1. Data must be used fairly and lawfully
  2. Data must be used for limited, specifically stated purposes
  3. Data must be used in a way that is adequate, relevant and not excessive
  4. Data must be accurate
  5. Data must not be kept for no longer than is absolutely necessary
  6. Data must be handled according to people’s data protection rights
  7. Data must be kept safe and secure
  8. Data must not be transferred outside the UK without adequate protection



There is stronger legal protection for more sensitive information, such as:

  1. ethnic background
  2. political opinions
  3. religious beliefs
  4. health
  5. sexual health
  6. criminal records

Find out what data an organisation has about you

The Data Protection Act gives you the right to find out what information the government and other organisations stores about you.

Write to the organisation and ask for a copy of the information they hold about you. If you don’t know who to write to, address your letter to the company secretary.

The organisation is legally required to give you a copy of the information they hold about you if you request it.