The first Data Protection Act was passed in 1984 and established the basic principles.
The current Act is the 1998 Data Protection Act, which complies with a European directive to facilitate the transfer of information within the European Union.
The main difference between the original and the current legislation is that manually held records are now included. The original Act only applied to data processed by automatic means (generally meaning by computerised methods).
The aim of the law is to prevent people or organisations from holding and using inaccurate information on individuals, whether this information is relating to private lives or business.
It is also designed to give the public confidence about the use of their personal information and to ensure that they have the legal right to check the information being held about them.
The Act requires firms to keep people’s personal data safe and secure and to ensure that it is not misused.
The legislation applies to any entity which uses or holds personal data on individuals. It requires the data user or holder to register with the Information Commissioner, as will be explained later.
Breaches of Data Protection legislation are criminal offences and can result in severe penalties, as are also detailed later in the course.