Data Protection Act
The Data Protection Act of 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 (UK) is the UK’s implementation for the General Data Protection Regulation (GDPR).
Everybody who handles personal data must follow strict guidelines called “data protection principles”. They have to ensure that the information:
- Use fair, legal and transparent
- Used for specific, explicit purposes
- It should be used in a manner that is appropriate, relevant, and only does what is necessary
- Up-to-date and accurate
- Keep it for as little time as possible
- You will be treated in a manner that provides adequate security. This includes protection against unauthorised or unlawful processing, access, loss or destruction.
For sensitive information such as:
- Ethnic background
- Political opinions
- religious beliefs
- trade union membership
- Biometrics (where applicable for identification)
- Sex life and orientation
Separate safeguards are in place for personal data related to criminal convictions or offences.
The Data Protection Act 2018 gives you the right to see what data the government and other organizations have about you. These include the right:
- Be informed about the use of your data
- Access personal data
- Correct data should be updated
- have data erased
- You can stop or limit the processing of your personal data
- Data portability allows you to access and reuse data from different services
- You can object to the processing of your data in certain circumstances
When an organization uses your personal data, you also have rights:
- Automated decision-making processes without human intervention
- Profiling is used to, for example, predict your behaviour or interests