Data Protection Act 1998

(redirected from Data Protection Act)
Also found in: Encyclopedia, Wikipedia.

Data Protection Act 1998

UK law that protects patient information from unauthorised access. The Act requires that data acquired has prior informed consent, that it is stored securely with safeguards to avoid unauthorised access of the data, and can only be released under exceptional circumstances—e.g., for criminal investigations. The Act allows individuals to access information of which they are the subject—e.g., their own medical records.

Eight Principles of Data Protection Act
Personal data must be:
(1) Processed fairly and lawfully;
(2) Processed for specific purposes and in an appropriate manner;
(3) Adequate, relevant and not excessive;
(4) Accurate and up-to-date;
(5) Not kept for longer than necessary;
(6) Processed in accordance with the rights of the data subjects;
(7) Protected by appropriate security;
(8) Not transferred outside the European Economic Area without adequate controls.
References in periodicals archive ?
The Data Protection Act 1998 came into force on March 1, 2000.
He said that a random survey of 20 Coventry firms showed that 80 per cent had failed to properly implement the Data Protection Act.
* For further information on the Data Protection Act 1998, or to find out more about storing employee data, contact Business Link on: (0845) 600-9006.
The accusations were lodged with Humberside Police, but they mistakenly believed they had to delete such records to comply with the Data Protection Act.
``However, in any circumstances where there are grounds for believing that cutting a particular household off would pose significant risk, then the Data Protection Act would not prevent an energy supplier from notifying the relevant body,''he said.
This contravenes the Data Protection Act 1998 which stipulates that all retailers must obtain the 'informed consent' of data subjects to process their data in this way.
He was dismissed following a fasttracked disciplinary hearing over claims he used "excessive force while restraining a detainee and breaching the Data Protection Act by sending messages via the platform WhatsApp".
Due to the lack of a Data Protection Act, we can neither sue the companies for any breach of data that occurs and how can they be held liable?
The Data Protection Act 1998 says anyone conducting DBS checks should "maintain all accounts, online or otherwise, for all DBS products and delete when no longer required".
So TalkTalk, which was fined a record PS400,000 last October under the existing Data Protection Act (DPA), could have been fined up to PS59m under GDPR.
In a (https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/07/royal-free-google-deepmind-trial-failed-to-comply-with-data-protection-law/) statement announcing its findings, the Information Commissioner's Office said the Royal Free NHS Foundation Trust did not comply with the Data Protection Act when it provided partial records for more than 1.6 million patients to DeepMind.

Full browser ?