This snapshot, taken on
11/08/2011
, shows web content acquired for preservation by The National Archives. External links, forms and search may not work in archived websites and contact details are likely to be out of date.
 
 
The UK Government Web Archive does not use cookies but some may be left in your browser from archived websites.

Guide to data protection – definitions, principles and practical examples

Data protection guide

The principles of the Data Protection Act in detail

This Guide explains the purpose and effect of each principle, and gives practical examples to illustrate how the principles apply in practice. We hope that, by answering many frequently asked questions about data protection, the Guide will prove a useful source of practical advice to those who have day-to-day responsibility for data protection.

Alternatively, you can download a pdf version of the Guide.

.

Key definitions of the Data Protection Act

Who has rights and obligations under the Data Protection Act? When do you 'process personal data'?

Data protection principles

The eight principles to the Data Protection Act.

Processing personal data fairly and lawfully (Principle 1)

What is fair processing? Is it fair to disclose personal data to others? What is a privacy notice?

Processing personal data for specified purposes (Principle 2)

How should you specify your purpose for obtaining personal data? What if your original purpose changes?

Information standards (Principles 3, 4 and 5)

What do information standards mean?

The rights of individuals (Principle 6)

What rights do individuals have in relation to the personal data you hold about them?

Information security (Principle 7)

Find out how to decide what approach to take to the security of the personal data you hold. What kind of security measures might be appropriate?

Sending personal data outside the European Economic Area (Principle 8)

Find out if you can send personal data outside the European Economic Area (EEA). What conditions apply to transfers of personal data overseas?

The conditions for processing

What conditions do you need to satisfy before you can process personal data? What purposes can you process personal data for? How important is it to obtain consent?

Exemptions

What are the exemptions from notification? When can you withhold information from individuals? When can you disclose personal data to third parties?

FAQs

Read all our FAQs

Useful Resources

  • Legislation

    Read the full text of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

  • Topic guides for organisations

    We receive a lot of queries about the same topics, so have created the pages listed below to provide information which may be useful to your organisation.

  • Subject access requests: how do I respond?

    Subject access requests allow individuals to request a copy of any personal information held on them by public authorities.