How the Data Protection Act works

The Data Protection ActData Protection Act 1998 (DPA): legislation passed by parliament that governs the protection of personal data in the UK was developed to give protection and lay down rules about how datadata: information without context, eg a list of students with numbers beside their names is data, when it's made clear that those numbers represent their placing in a 100 metre race, the data becomes information about people can be used.

The 1998 Act covers informationinformation: data with context or meaning or data stored on a computer or an organised paper filing system about living people.

The basic way it works is by:

1. setting up rules that people have to follow
2. having an Information Commissioner to enforce the rules

It does not stop companies storing information about people. It just makes them follow rules.

The roles of those involved

1. The Information Commissioner is the person (and his/her office) who has powers to enforce the Act.
2. A data controller is a person or company that collects and keeps data about people.
3. A data subject is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers. This makes us all data subjects as there can be few people in the UK who do not feature in computer records somewhere.