Jargon Buster - Definition of Data Protection Act 1998

Please select your letter of choice below to see the list of terms:

Data Protection Act 1998

is an Act of Parliament that regulates how an individual's personal information is used. It was also put in place to protection individuals against the misuse of their personal data.

The Data Protection Act (DPA) was first introduced in 1984 but was re-released in 1998 to put stringent controls over the electronic storage of information due to the rising use of computers.

Businesses who wish to hold customer information must register under the Act and maintain a Data Protection License (DPL). This register must declare the type and purpose of information processed. The penalty for not registering under the Act could mean a fine of around £5,000.

Data Controllers must abide by the following eight Data Protection Principles:

  • Personal data shall be processed fairly and lawfully and, in particular shall not be processed if:
    • one of the conditions for processing personal data is met; and
    • in the case of sensitive personal data, at least one of the conditions for processing this kind of data is met.
  • Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose(s).
  • Personal data shall be accurate and, where necessary kept up to date.
  • Personal data processed for any purpose(s) shall not be kept longer than it needs to be.
  • Personal data shall be processed in accordance with the rights of the data subjects under this Act.
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data against accidental loss or destruction of, or damage to, personal data.
  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Please note that all definitions are intended for general guidance only. For official and current definitions you should always double check your policy wording.

If you are in doubt of the meaning of any terms, why not email us on