The Data Protection Act 1998 (DPA 1998) was a landmark UK legislation that established fundamental principles for protecting personal data and individual privacy rights. This comprehensive framework regulated how organizations could collect, process, and store personal information, setting the standard for data protection in the UK for nearly two decades until it was replaced by the Data Protection Act 2018.
The Act implemented the EU Data Protection Directive 95/46/EC and introduced several key concepts that remain relevant in modern data protection law:
Key Objectives and Scope:
Core Requirements:
Data Protection Principles:
Technical Requirements:
Implementation of appropriate security measuresSystems for responding to subject access requestsData processing notification requirementsCompliance Mechanisms:
Key Privacy Protections:
Individual rights included access to personal data, correction of inaccurate data, and prevention of processing likely to cause damage or distress.
Territorial Scope:
Implementation Timeline:
The Act's significance lies in establishing the foundational framework for data protection in the UK, introducing concepts like data controller, data processor, and personal data that remain central to modern privacy legislation.
If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page