Data protection




  • Personal data held on computers or in manual records is regulated by the Data Protection Act 1998 (DPA).
  • The DPA controls how personal data is stored and used and it provides powers to ensure that the people in control of personal data comply with the law.
  • In the context of employment, the DPA applies to any data that employers might collect and retain about individuals who wish to work, have worked or currently work for them.
  • All organisations must comply with the 8 data protection principles.
  • A distinction is made between personal data and sensitive personal data.
  • Personal data relates to an individual – the 'data subject' – who can be identified from that data.
  • Sensitive personal data is personal data containing information on: race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, or the commission or alleged commission of a criminal offence.
  • The Information Commissioner can issue substantial fines - civil monetary penalties - against data controllers for deliberate or reckless breaches of data protection law.
  • In 2018 significant changes will be made to the UK regime of data protection by the EU General Data Protection Regulation.