Data Protection Act 1998

From WikiMD's Wellness Encyclopedia

Data Protection Act 1998
Long title
  • An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.
Territorial extentUnited Kingdom
Royal assent16 July 1998
Commenced1 March 2000
Repealed by
Data Protection Act 2018
Text of statute as originally enacted
Status: Repealed


The Data Protection Act 1998 (DPA 1998) was an Act of Parliament in the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted the EU Data Protection Directive 1995's provisions into UK law. The Act was repealed and replaced by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

Provisions[edit | edit source]

The Data Protection Act 1998 aimed to protect the rights and privacy of individuals with respect to the processing of their personal data. The Act defined eight data protection principles:

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes.
  3. Personal data shall be adequate, relevant and not excessive.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose shall not be kept for longer than is necessary.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Data Subject Rights[edit | edit source]

The Act provided individuals (data subjects) with certain rights, including:

  • The right to access personal data held about them.
  • The right to prevent processing likely to cause damage or distress.
  • The right to prevent processing for the purposes of direct marketing.
  • The right to have inaccurate personal data rectified, blocked, erased, or destroyed.
  • The right to claim compensation for damages caused by a breach of the Act.

Enforcement[edit | edit source]

The Act was enforced by the Information Commissioner's Office (ICO), which had the power to issue enforcement notices and fines for non-compliance. The ICO also provided guidance and support to organisations to help them comply with the Act.

Repeal and Replacement[edit | edit source]

The Data Protection Act 1998 was repealed and replaced by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), which introduced more stringent data protection requirements and greater rights for individuals.

Related Pages[edit | edit source]

Flag of United KingdomJustice icon

This article relating to law in the United Kingdom, or its constituent jurisdictions, is a stub. You can help WikiMD by expanding it.

WikiMD
Navigation: Wellness - Encyclopedia - Health topics - Disease Index‏‎ - Drugs - World Directory - Gray's Anatomy - Keto diet - Recipes

Search WikiMD

Ad.Tired of being Overweight? Try W8MD's physician weight loss program.
Semaglutide (Ozempic / Wegovy and Tirzepatide (Mounjaro / Zepbound) available.
Advertise on WikiMD

WikiMD's Wellness Encyclopedia

Let Food Be Thy Medicine
Medicine Thy Food - Hippocrates

WikiMD is not a substitute for professional medical advice. See full disclaimer.
Credits:Most images are courtesy of Wikimedia commons, and templates Wikipedia, licensed under CC BY SA or similar.

Retrieved from "https://wikimd.com/w/index.php?title=Data_Protection_Act_1998&oldid=5904195"

Contributors: Prab R. Tumpati, MD