Data Protection Act


This guide is part of a larger effort to provide information about data protection and its implementation around the world. The article is targeted towards Data Protection Officers as well as other professionals with a similar set of responsibilities. Hence,this content is solely created to aware people about the facts and figures of Data Protection Act. There are a few ways in which an organisation can protect its employee’s data from any cyber threat/crimes. Such as GDPR Audit, it is like an assessment which find hidden threats of an enterprise.

This should be helpful in understanding the basic principles that apply to data with in the UK for the majority of organisations. We touch upon the General Data Protection Regulation as implemented through the piece of legislation known as the Data Protection Act 2018. You can have assessment mentioned above but before that you must know a few things. Because before implementing on a GDPR Audit Program, a company must know what GDPR Audit requirements are? Everything has aprice, prior proceeding the Audit procedure, make sure what GDPR Audit Cost is?

The guide unpacks concepts such as data protection rights, obligations, and principles. All of the important elements are summarised for ease of consumption. It also answers common questions and includes checklist for compliance. Data Protection Audit GDPR is solely for the organisations trying to save themselves from online hacking. An information is a very useful thing but for its protection considerable measures should be taken.

Hence forth, we shall refer to the Data Protection Act as "the Act". It will apply topersonal data that is defined as information about individuals. It gives people the right to retrieve their own data through requests. It also lists the rules so that data processing can proceed correctly.

The Act serves two purposes:

  1. To give individuals rights to their personal data, such as knowing the type of information stored about them and the ability to gain access to it.
  2. To make it clear that those that process personal data are required to observe the principles stated in the Act.

The assumption should be that all personal data stored by the University pertaining to a known living person fall under the coverage of the Data Protection Act.

Data Coverage

The act shall cover any processing of personal information. That is, all data about a living person known as the data subject, through which that person may be identified directly or in conjunction with other pieces of data. This means that anonymous data is not covered under the law.

The act is applicable to information stored in hard copies or in electronic form, no matter where this may be present. This means that it includes data inside and outside of the campus, including those contained in employee mobile devices. This is true for as long as the data is held for the purposes of the University no matter who owns the device itself.

Data Processing

Processing can encompass a wide variety of actions related to data so it requires abroad definition as see below:

  1. The use of data in any manner.
  2. The disclosure or sharing of data.
  3. The deletion or destruction of data.
  4. The safeguarding of legal causes to acquire and process data.
  5. Data Subjects must be given notice that their data is being collected and utilised. Their consent will have to be obtained, if needed. No deception shall take place. They should be given adequate information about the reasons behind the data processing.
  6. In case sensitive data is included, the Data Subjects must give their definite consent before processing can take place.
  7. Personal data must only be taken from individuals who are lawfully authorised to provide the information