Data Protection Act 1998

Data Protection Act 1998
Act of Parliament
Long titleAn Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.
Citation1998 c. 29
Territorial extent United Kingdom of Great Britain and Northern Ireland
Dates
Royal assent16 July 1998
Other legislation
Repeals/revokesData Protection Act 1984
Amended byYes
Repealed byData Protection Act 2018
Status: Repealed
Text of statute as originally enacted

The Data Protection Act 1998 (DPA, c. 29) was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.

Under the 1998 DPA, individuals had legal rights to control information about themselves. Most of the Act did not apply to domestic use,[1] such as keeping a personal address book. Anyone holding personal data for other purposes was legally obliged to comply with this Act, subject to some exemptions. The Act defined eight data protection principles to ensure that information was processed lawfully.

It was superseded by the Data Protection Act 2018 (DPA 2018) on 23 May 2018. The DPA 2018 supplements the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. The GDPR regulates the collection, storage, and use of personal data significantly more strictly.[2]

  1. ^ Data Protection Act 1998, Part IV (Exemptions), Section 36 Archived 24 August 2007 at the Wayback Machine, Office of Public Sector Information, accessed 6 September 2007
  2. ^ Ford, Michael (March 1999). "Recent legislation. The Data Protection Act 1998". Industrial Law Journal. 28: 57–60. doi:10.1093/ilj/28.1.57.

From Wikipedia, the free encyclopedia · View on Wikipedia

Developed by Nelliwinne