Navigation * Home / Consultancy / Data Protection Act 1998 (DPA)

Data Protection Act 1998 (DPA)

The Data Protection Act 1998 sets out rules for processing personal information, and it applies to some paper records as well as those held on computer.

The Act gives individuals certain rights, and imposes obligations on those who record and use personal information to be open about how information is used and to follow eight data protection principles:

Data Protection Principles

Personal data must be processed following these principles so that data are:

1. processed fairly and lawfully
2. obtained for specified and lawful purposes
3. adequate, relevant and not excessive
4. accurate and, where necessary, kept up-to-date
5. not kept for longer than necessary
6. processed in accordance with the subject's rights
7. kept secure
8. not transferred abroad without adequate protection

The Data Protection Act (DPA) 1998 has significant consequences for HE institutions, which collect a vast amount of personal data every year: staff records, names and addresses of those requesting prospectuses, examination marks, residence and catering information, references, information from applications, fee collection and other administrative functions, as well as some types of research data.

All computerised processing of personal data and many structured manual records are now subject to the provisions of the Act.

Please contact us for more information on Data Protection Consultancy, Solutions and Training