Key definitions under the DPA 1998 [Archived]

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Key definitions under the DPA 1998 [Archived]
  • Background
  • Data
  • Personal data
  • Sensitive personal data
  • Data subject
  • Data controller
  • Data processor
  • Processing
  • Relevant filing system

Key definitions under the DPA 1998 [Archived]

ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.


The DPA 1998 governs processing of personal data in the UK. It obliges processors of such data to comply with eight principles, and gives individuals a right to know what information is held about them. For further information on the principles, see Practice Note: Data protection principles under the DPA 1998.

The Information Commissioner's Office (ICO) supervises and enforces the implementation of the DPA 1998. For more information, see Practice Notes: The Information Commissioner’s Office (ICO) and Sanctions and enforcement under the DPA 1998.

Sections 1 and 2 of the DPA 1998 contain definitions for the key terms used throughout the act and within the Information Commissioner's codes of practice or other guidance. Key statutory definitions include:

  1. Data

  2. Personal data

  3. Sensitive personal data

  4. Data subject

  5. Data controller

  6. Data processor

  7. Processing

  8. Relevant filing system

Changes as a result of the General Data Protection Regulation

The General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) (applicable from 25 May 2018) introduces substantial amendments to EU and UK data protection law and replaces the DPA 1998 and Directive 95/46/EC (the Data Protection Directive) from that date.


Popular documents