Update
New data protection regulations come into force on the 25 May 2018. The General Data Protection Regulations (GDPR) strengthen the current privacy legislation and place new obligations on organisations in the way they collect, process and store personal identifiable information.
GDPR replaces the Data Protection Act 1998 (DPA) and many of the requirements of GDPR are similar to those required to satisfy the DPA. However, there are some additional obligations which require those processing personal information to be able to show how they comply with the data protection principles.
Interim advice on how to prepare for these new regulations has been provided as part of the Ethical Practice topic. Please be aware that although the DPA is being replaced by GDPR, most of the advice on data protection provided in the Ethical Practice topic is still pertinent.
Legislation detailed in the Data Protection Act 1998 (DPA) [1] protects individuals from information about them being used inappropriately and informs and guides the holder of personal information as to how best to handle such information. The (UK) Information Commissioner’s Office enforces and oversees the DPA.