This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

United Kingdom

Select your regional store:


Data Protection and Data Protection Act (DPA) Compliance

Data protection is an issue that affects all organisations. With developments in technology permeating all facets of society and business has come an increase in the incidence of hacking, data breaches and data loss.

In the UK, all organisations must comply with the Data Protection Act (DPA), and will face stiff penalties if they breach it. Other countries have local equivalents of the DPA. On this page you can learn about data protection and compliance to the DPA.

To discuss your DPA requirements, call us on +44 (0) 0845 070 1750.

On this page:

The video below features IT Governance CEO Alan Calder speaking at the Privacy Laws & Business 23rd Annual International Conference about the relationship between data protection law and information systems.

Eight principles of the UK Data Protection Act

The Data Protection Act 1998 (DPA) applies to all organisations in the UK. All organisations that hold or process personal data must comply with the requirements of the DPA. Though by no means the whole of the act, Schedule 1 sets out eight principles to which organisations comply.

This ensures that personal data:

  • is treated fairly and lawfully;
  • is obtained and processed only for specific and specified purposes;
  • is adequate, relevant and not excessive;
  • is accurate and up to date;
  • is not retained for longer than necessary;
  • is processed in accordance with the individual’s rights;
  • is held with appropriate levels of security;
  • is not transferred abroad without ensuring adequate levels of legal protection.

Organisations that are found to be in breach of the DPA can be fined up to £500,000 by the Information Commissioner's Office (ICO).

Is your organisation compliant with the UK DPA?

Other books on the UK Data Protection Act requirements that are worth ordering include:

Emerging data protection and privacy regulation

Around the world, data protection and privacy legislation is an increasingly important part of overall IT governance. It is in this field in particular that new laws are emerging on a regular basis. Many of these overlap with or contradict existing laws, and rarely come with detailed regulatory implementation guidance or meaningful case law.

The British BS10012 Personal Information Management System Standard (PIMS) provides guidance on tackling this problem. BS10012 specifies the requirements for a PIMS and thus allows quick compliance to existing Acts (including the DPA), and new laws because of its best-practice approach to the management of personal information.

Key legislation for the UK includes the following:

In the UK, the Data Protection Act, the Human Rights Act, the Regulation of Investigatory Powers Act and various telecommunications, distance selling and anti-spam measures combine to make compliance a significant challenge for all organisations. In addition to the DPA, all private sector organisations are also obliged to comply with the Freedom of Information Act.

To discuss your DPA requirements, call us on +44 (0) 0845 070 1750.

Buy DPA toolkits

Data Protection Act Compliance Toolkit

Buy now


Data Protection Compliance Report

Download Now

live chat support software