Data protection


Purpose of the Data Protection Act (DPA)

  • Protect individuals from incorrect use of their personal information

  • Allow prosecution of companies that break DPA

  • It was created to meet EU regulations

  • It allows individuals to see what data is held about them

  • It puts regulations on what is done with personal data.
1 of 18

Principles and meanings

1, Data should be collected and processed professionally and lawfully.    

Meaning - Any information collected about you has to have permission to be collected and you have to be told what data is being collected.

2, Personal data can only be held for specific and lawful reasons.

Meaning - The data collector has to state why they want to collect the data and what will happen with it. If the data is used for a different reason they would be breaking the law.

2 of 18

Principles and meanings

3, Data should be relatable as to why it should be collected, and not excessive for the required purpose.

Meaning - Organisations should only collect the data and no more that is necessary.

4, Personal data should be accurate and kept-up-to-date.

Meaning - The company should do their best in trying to make sure the facts are correct and changed as soon as possible.

3 of 18

Principles and meanings

5, Personal data should not be held for longer than necessary.

Meaning - Organisations should only keep information for a reasonable amount of time.

6, Data must be processed in accordance with the rights of the data subject

Meaning - People have the right to access their own data and have it changed if it is wrong.

4 of 18

Principles and meanings

7, Appropriate security measures must be taken against unauthorised access.

Meaning - Informations must be kept from hackers and people who are not authorised to access it. Data must be safeguarded from accidental lost.

8, Personal data can be transferred to countries that aren’t in the EU unless they follow similar legislations to DPA

Meaning - This means country must have similar legislations to the Data Protection Act.

5 of 18

What? Why? When?


  • It was created to control development and people’s privacy


  • To protect people’s privacy, age, medical records, political and religious beliefs

  • Large databases are able to hold large amounts of information

  • Global networks are able to share information instantly


  • It first became law in 1984 and was then updated in 1998
6 of 18

Sensitive data

These are considered as sensitive data;

  • racial or ethnic origin

  • membership of a trade union

  • criminal convictions or offenses

  • political opinions


7 of 18

Your rights

  • You are allowed to access any personal data that a company has about you.

  • If you believe that personal data which is being stored about you is incorrect then you have the right to have that data changed.

  • You have the right to claim compensation if you have suffered damage and distress because of company holding or processing personal data about you. Damage could be physical, financial loss and damage to your personal reputation.
8 of 18

Data accessibility;

National Security- If it is for the purpose of safeguarding national security, data controllers do not have to share this information.

Crime - Data which is being held in order to prevent or detect a crime does not have to be disclosed.

Taxation - any data collected for taxation purposes is exempt

Health, Education and Social Work - personal data about the physical or mental health of the data subject. You have no automatic right to view your medical records. If a doctor believes that viewing them would harm your mental well being, they can be withheld from you.

Schools and examinations - personal data relating to the present or past pupils of a school. Examination scripts and examination marks held by examination authorities.

9 of 18

The Law

There are two main laws that will affect businesses if data has been lost.

Data protection act (DPA) - The business could potentially have to pay compensation for the lost data as it is breaching the law, which states that all personal data must be kept secure.

Computer misuse act (CMA) - if data has been lost because of a hacker, this law states that if they are found they can be prosecuted, where they could then be made to pay a fine or sent to prison.

10 of 18

Data loss

Data can be lost by;

  • Data not being saved

  • Data not been stored in more than one place

  • Scratches on a hard disk

  • Theft

  • Fire, floods, lightning damage

  • Viruses or hacking

11 of 18

Prevention of data loss

Store different versions

You should save your work as different versions every so often, just in case your work becomes corrupted or you accidnetally delete something. You can then go back to an earlier version and change anything needed.

Use external backup devices

Although you should back up your work on the software you are using, you should also make a regular backup onto another piece of hardware, preferably something that is removable. for example removable hard disk, magnetic tape, DVD-RW. This removable back up should be stored somewhere different, so that if there were a fire, flood or theft, you would still be able to get hold of a copy of your data.

12 of 18

Physical protection of data

here are many things you can do to make your equipment more secure:

  • Lock the room when not in use and use swipe cards/keypads so unlock.

  • Use security guards if you are part of a large firm.

  • Bolt computers to the desk

  • Use special pens to mark your postcode onto the computer case

  • Keep windows shut - especially if on the ground floor and have bars at the windows.

  • CCTV video cameras

13 of 18

Software protection

  • To stop viruses from taking over your computer you should use an anti-virus software.

  • This protects your computer from viruses and will get rid of them before they cause any harm to your computer or potentially make you lose data.

  • It is usually setup to scan your computer on a regular basis and to check every file being opened before it is allowed to run.

14 of 18

Software protection

  • Anti-virus software is normally set up to check online for an update every few days or so because there are so many new viruses appearing every day.
  • You should also make sure that your passwords are relevant to you and make sure they contain capital letters, numbers and average at 8 or more characters.
  • Keep your passwords to yourself!
15 of 18


If an employee losses, steals or corrupts data this could mean they have broken the IT policy.

The employees could face;

  • a written warning

  • a demotion of job role and potentially salary reduction

  • fired from their job


16 of 18

Impact on the business

  • The business will have to pay compensation if data is lost. If the business is unable to pay the compensation they may have to shut down their business as they don't have any money.
  • They will also have to improve their security - which could increase costs as they have to improve premises and buy new software. Or even potentially have to hire IT support on site.
17 of 18

Impact on customer

If a customer's data is lost, stolen or corrupted it could have an impact on them. Which could be;

  • Become victims of identity theft

  • Loss faith and trust in the business and move their custom somewhere else which is more reliable
18 of 18


No comments have yet been made

Similar ICT resources:

See all ICT resources »See all Acts, Security and Legislation resources »