In 2018 the European Union introduced GDPR ( General Data Protection Regulation ) to protect the privacy of data for people in the EU. The UK matched this by updating the Data Protection Act introduced in 1998 to become the Data Protection Act (2018) .
This act protects the data of individuals that is stored on computers and processed by organisations.
How the Data Protection Act works:
Each person who has their data stored is known as a data subject . An employee within an organisation must be appointed as a data controller and it is they who are responsible for registering with the Information Commissioner .
The Information Commissioner is the person in the UK who is responsible for managing several laws , most significantly the Data Protection Act.
When registering with the Information Commissioner, the organisation's data controller must be clear on exactly:
The six principles of the Data Protection Act state that data must be:
1. Collected lawfully and processed fairly.