Data Protection Act

Data Protection Act

The New Data Protection Act 1998 carries forward the elements from the legislation introduced in 1984, and imposes stringent requirements that any organisation holding personal data must comply with. The legislation states that all processing undertaken must be fair and lawful, accurate and up-to-date, and that the data is adequate, relevant, not excessive and is held for no longer than is necessary.

It also becomes mandatory that appropriate technical measures are taken to prevent unauthorised or unlawful processing or disclosure of data. This includes accidental loss or destruction of, or damage to, personal data.
Personal data can only be processed if one of the following applies:

• an individual has given consent
• that it is part of a contract
• it is a legal obligation
• it is necessary to protect the individual      

The rules also introduce "sensitive personal data", which includes any that are racial or ethnic in origin, political affiliations, religious or other beliefs. This data demands greater protection and one of the following must be true: an individual's explicit consent is required; is a legal requirement; to protect the vital interests of the individual. Where consent is obtained, the individual must be made fully aware of the purposes for which the data is to be used and of any recipients.

Another huge change makes data held in manual or paper form subject to the Act. So any personal details stored in a paper format must be registered and the above conditions apply.

Individuals' rights are extended with further provisions to enable anyone to see a full description of the data held about him, on payment of a fee. This information has to be altered if it is inaccurate or likely to cause damage or distress.

Individuals can also request details of how automatic decision-making processes operate. This can impact on the use of data for direct marketing, either by mail or telephone. Compensation can be claimed for damage caused by breach of the Act.

Links

Further information on how the Council deals with data protection can be found on the following links.

• Subject Access Request Application Forms 
• Data Protection - Definitions
• Data Protection - Fair and Lawful Processing
• Data Protection - Consent
• Data Protection - Security Measures
• Data Protection - Transfers Overseas

How to contact us

By post:
Data Protection Officer
Mid Beds District Council 
Priory House
Monks Walk
Chicksands
Shefford, Beds
SG17 5TQ 

By phone:
08452 304040 (charged at local rate) or 01462 611222

By Fax:
08702 432122

By email:
foi@midbeds.gov.uk