Data Protection Guidance for Individuals
The Data Protection Act refers to information about you as "personal data." This is information from which the organisation holding it can identify you and includes expressions and opinions about you. A more comprehensive definition can be found in the legislation section.
How the Act works
The Act sets out a number of rules called the data protection principles which any business, organisation or public body must follow when processing your personal data.
These rules include:
- telling you what they are going to do with your personal data
- using the data lawfully,
- only using the data for the reasons they tell you,
- only processing what is needed, and
- making sure that the data is secure, accurate and only kept for as long as needed.
The Act also gives you a number of rights. These include:
- the right of access to your personal data
- rights in respect of direct marketing
- compensation where failures to comply with the Act occur
- the right to have your data corrected if it is inaccurate
- the right to stop processing of certain information.
You can make a complaint to the Information Commissioner if you think that an organisation has not complied with your rights or the Act when using your information.
The use of your information for direct marketing
When your information is being used for direct marketing other rules apply in addition to the Data Protection Act. For more information see the section "The Direct Marketing Rules".
INDIVIDUALS SHOULD BE AWARE THAT THE DATA PROTECTION LAWS ARE CHANGING IN MAY 2018 - FOR MORE INFORMATION SEE OUR DOCUMENT "THE NEW DATA PROTECTION LAWS - WHAT THEY MEAN FOR YOU"