Q&As

Where a company enlists the services of a software/application developer to build an app for it, who is responsible for compliance with the data protection regulations?

Published on LexisPSL on 23/10/2017

The following TMT Q&A provides comprehensive and up to date legal information covering:

  • Where a company enlists the services of a software/application developer to build an app for it, who is responsible for compliance with the data protection regulations?
  • Background
  • The data controller
  • Compliance actions—privacy by design

This Q&A focuses on the position under the Data Protection Act 1998 (DPA 1998) and does not comment on the position under the forthcoming General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR), which will be directly applicable from 25 May 2018.

Background

Under DPA 1998 any data controller that handles personal data must comply with the following eight principles:

  1. Principle 1: personal data must be processed fairly and lawfully

  2. Principle 2: personal data must be obtained only for specified and lawful purposes

  3. Principle 3: personal data must be adequate, relevant and not excessive

  4. Principle 4: personal data must be accurate and kept up to date

  5. Principle 5: personal data must not be kept for longer than necessary

  6. Principle 6: personal data must be processed in accordance with the rights of data subjects

  7. Principle 7: there must be measures against unauthorised or unlawful processing of personal data

  8. Principle 8: there must be adequate protectio
