Data Protection Act – What is the Data Protection Act?
The Data Protection Act is a British law that governs the processing and handling of personal information.
More specifically, the term ‘Data Protection Act’ can refer to any of several pieces of legislation that share the name. Each new Act was introduced to replace, update, and modernise the previous version of the DPA.
Purpose of the Data Protection Act
The main purpose of the Data Protection Act is to protect individuals from having their personal details misused or mishandled. The Data Protection Act does this in two ways:
- By establishing rights for individuals;
- By creating responsibilities for businesses, organisations, and the government and setting guidelines for the way they handle and store ‘personal data’.
‘Personal data’ refers to information that identifies or is ‘obviously about’ a specific individual; the Data Protection Act does not cover anonymous or aggregated data.
The Data Protection Act 1998
The 1998 version of the Data Protection Act applied to personal data stored on a computer or in a filing system.
The eight principles of the Data Protection Act 1998
The DPA 1998 established eight core principles for the handling of personal data. These principles required personal data to be:
- Processed fairly and lawfully
- Processed only for specified, lawful, and compatible purposes
- Adequate, relevant, and not excessive for the intended purposes
- Accurate and up to date – individuals have the right to have inaccurate personal data corrected or destroyed
- Kept for no longer than necessary
- Processed in line with the rights of the individuals
- Secured against accidental loss, destruction, or damage, and against unauthorised or unlawful processing
- Not transferred outside the European Economic Area (EEA) unless there is adequate protection.
The Data Protection Act 2018
The current version of the Data Protection Act was introduced in May 2018. One of the main features of the DPA 2018 was to put the standards outlined by the GDPR into British law. However, the DPA 2018 also introduced a few additional changes that were not covered by the GDPR – primarily in areas that the EU does not have authority over (such as immigration and security).
Data Protection Act and your small business
Virtually all small businesses and start-ups hold personal details of staff, customers, and suppliers – such as names, phone numbers, and bank details. Any data that is stored on a computer or within a physical filing system must comply with the Data Protection Act, and as an entrepreneur, freelancer, or small business owner, it’s your responsibility to make sure that you stick to the rules.
As a small business owner, you should handle data in accordance with the Data Protection Act's eight principles. Although this might seem like a lot of work, compliance is essential if you want to avoid hefty fines. The eight principles also tend to overlap with good practice when it comes to the management and handling of personal information, such as keeping personal details up to date.
The Information Commissioner’s Office (ICO) has a useful webinar on data protection for small and medium-sized enterprises.
Data Protection Act and Debitoor
Debitoor invoicing software strictly adheres to the principles of the Data Protection Act and the GDPR, regarding both the data of our users and the data stored in their accounts. Find out more about security as a Debitoor user.