UK Data Protection Law
This note provides a summary of the principal law regulating the use of personal information, the Data Protection Act 1998, in addition to including a brief overview of some of the other related UK laws
The use by businesses of information about individuals is subject to a complex array of data protection laws. This note provides a summary of the principal law regulating the use of personal information, the Data Protection Act 1998, in addition to including a brief overview of some of the other related UK laws a business will need to consider in order to avoid issues of legal liability, restrictions on the handling of data or damage to brand and reputation.
Essentially, the Data Protection Act 1998:
- sets out the rules and practices which must be followed when processing information about individuals;
- grants rights to those individuals in respect of their information; and
- creates an independent supervisory body to enforce these rules, rights and practices.
Background – European law
In 1995, the European Commission adopted the Data Protection Directive which aimed to harmonise data protection legislation throughout the European Union¹. Each member state was required to implement the Directive by 24 October 1998.
The Data Protection Act 1998 (referred to in the rest of this note simply as the "Act") is the UK’s implementing legislation. It provides the framework for the UK’s data protection regime, with detail being filled in by means of specific items of legislation known as "statutory instruments" or "regulations".
Click here to download a general overview of UK Data Protection laws, including European law background, key terminology, fundamental principles, rights of data subjects, international sharing of data and why, and how, to comply.
If you have any questions on this article please contact us.
"The Data Protection Act 1998 is the UK’s implementing legislation."