Helping You Understand the Data Protection Act 1998
What is the Data Protection Act?
In the 1980s Data Protection was introduced to protect individuals’ personal data with the increased use of computer systems to store information. The Act was updated in 1998 and specific laws around online data were introduced in 2003. There is a new revision set to take place within the next 2 years, and we will see the introduction of the General Data Protection Regulation (GDPR). We will be bringing you details of the proposed changes over the next few months.
How does it work?
The Data Protection Act is in place as a way to control how your personal information is used by businesses, organisations and the government. There are 8 protection principles which form strict rules which must be followed. The Information Commissioner has the power to enforce the Act, while the Data Controller is the person or company who gathers and stores the data held about individuals, known as Data Subjects. It is the Data Controller who must adhere to the protection principles set out by the Act.
What information is held about me?
Commonly, businesses will hold a client’s name, phone number, postal address and email address.
Under the Data Protection Act individuals, as a Data Subject, have the right to get a copy of information that is held by organisations. You can request this information by contacting the Data Controller in writing; there may be a charge for this.
How does ITAD relate to the Data Protection Act?
Let’s look at the principle which states that data is to be kept safe and secure. The Act states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.” Many people and organisations overlook the fact that when they dispose of a PC or laptop, the hard drive contains a wealth of information. When you have confidential paperwork you need to shred it to dispose of it securely, similarly a hard drive needs to be shred before you dispose of it to ensure that the stored information cannot be accessed. To comply fully with the Data Protection Act in this aspect you need to be able to provide proof that this has been done. It is not just big companies and organisations that need to have Information Technology Asset Disposal (ITAD) processes in place, small businesses also need to make sure they comply.
How can ITADwise help me?
The services offered by ITADwise ensure that the information on your computer hard drives cannot be recovered. In addition to this you are provided with a certificate that proves that the correct processes have been followed; this is proof that you are complying with the Data Protection Act. Have a look at the hard drive shredding services that we offer here.