Data protection cheat sheet [Archived]

The following Practice Compliance practice note provides comprehensive and up to date legal information covering:

  • Data protection cheat sheet [Archived]

Data protection cheat sheet [Archived]

Archived: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998. This Practice Note is for background information only and is not maintained.

What is the main piece of legislation in the UK?Data Protection Act 1998 (DPA 1998) although this will be superseded by the EU General Data Protection Regulation in May 2018.
Who is the data protection regulator in the UK?Information Commissioner’s Office (ICO).
What type of data does DPA cover?DPA 1998 does not regulate all data. It only covers
  1. personal data

  2. sensitive personal data, which is a type of personal data

Personal data will be covered by DPA 1998 if it is stored methodically or collected with the intention of doing so.
What is personal data?Any data that could be used to identify a living person, eg names, addresses or National Insurance numbers.
What is sensitive personal data?Personal data that is particularly sensitive. DPA 1998 defines this as information concerning:
  1. race/ethnicity

  2. trade union membership

  3. health (mental and/or physical)

  4. sexuality or sexual habits

  5. any criminal offence (whether actual or suspected), and any related legal proceedings

What’s the difference between a data controller and data processor?Data controller—the person/body responsible for deciding how and why personal data is to be processed.

Data processor—the person/body tasked with carrying

Popular documents