This is a preview. To continue reading please log in or Register to read this article

Data protection

Updating author: Nicky Stibbs


  • The Data Protection Act 1998, which implements the Data Protection Directive (95/46/EC), came into force on 1 March 2000 (repealing and replacing the Data Protection Act 1984). (See Meaning of terms)
  • The Data Protection Act 1998 embraces all forms of personal data, whether held on computer or in a relevant filing system, for example in paper-based personnel files. (See Manual or paper-based files)
  • In an employment context, the term personal data includes not only facts and opinions about a particular employee but also information about the employer's intentions in respect of that employee. (See Meaning of "personal data")
  • The Data Protection Act 1998 lays down rules concerning the processing of sensitive personal data - meaning data about an individual's racial or ethnic origins, political opinions, religious or other beliefs, trade union membership, health, sex life or sexual orientation, criminal proceedings or convictions. (See Meaning of "sensitive personal data")
  • Data subjects have the right to be told about and to be provided with intelligible copies of any personal data held on computer or in a paper-based filing system. (See Subject access rights)
  • Data subjects also have the right to apply to the High Court or a county court for an order directing the data controller to rectify, block, erase or destroy any such personal data that is inaccurate. (See Subject access rights)
  • The Information Commissioner has significant powers under the Data Protection Act 1998 and may serve an enforcement notice on any employer that has contravened any of the eight data protection principles embodied in the Act. (See Enforcement)
  • The "Employment practices data protection code" provides guidance for employers on data protection issues related to the recruitment and selection of workers, the maintenance of employment records, the monitoring of workers and the processing of information about workers' health. (See Employment practices data protection code)

Sector resources

Additional resources on this topic are available for the following sectors: