Home > Ask the Information Security Experts > Information security governance and risk management Questions & Answers > Complying with the UK Data Protection Act of 1998
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

Complying with the UK Data Protection Act of 1998

>
QUESTION:
What are the key things I have to do to comply with the Data Protection Act?


RELATED CONTENT
Information security governance and risk management
Will physical security integrators work with IT departments?
How to write an information security policy
How to manage logs
Credit card data protection (over the phone)
What are best practices for credit cards in a call centre?
How to achieve laptop data security

Compliance Regulation and Standard Requirements
PCI DSS requirements still baffling as compliance deadline approaches
Make PCI DSS compliance easier by reducing scope, outsourcing data
Cloud computing compliance: Exploring data security in the cloud
Encryption basics: How asymmetric and symmetric encryption works
SIEM systems streamline compliance processes, offer security benefits
No major PCI DSS revision expected in 2010
PCI QSAs, certifications to get new scrutiny
Tips to achieve PCI compliance
PCI DSS requirements: Get ready for stricter enforcement, fines
Data Protection Act breach could cost companies 500,000 pounds

Data Protection Solutions and Strategy
Enterprise data management: Prevent data loss and insider threats
NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel
Make PCI DSS compliance easier by reducing scope, outsourcing data
Data Protection Act fines likely limited, audit powers may expand
Websense integrated security system aims to simplify security management
Full disk encryption: Safer and easier than file and folder encryption
No major PCI DSS revision expected in 2010
Data breach costs continue to rise in 2009, Ponemon study finds
Chinese hacker attacks target Google Gmail accounts, top tech firms
Annual security reports offer some hope

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Basel II  (SearchSecurityUK.com)
Code of Connection (CoCo)  (SearchSecurityUK.com)
EU Data Protection Directive  (SearchSecurityUK.com)
Financial Services Authority  (SearchSecurityUK.com)
IFRS (International Financial Reporting Standards)  (SearchSecurityUK.com)
UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Alan Calder EXPERT RESPONSE FROM: Alan Calder

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site
ANSWERED January 2008:
There are a number of basic requirements and some that are rather more demanding. As a minimum, every organization that is going to process personal data (and this means any data relating to a living human being, not to an organization) must register with the Information Commissioner (www.ico.gov.uk) and describe, in the registration, what the purpose of processing this data is. It must be a permitted purpose. Registration is annually renewable and, once registered, you must comply with the purposes for which you've registered. That's the easy bit. The more complex bit is, in essence, that you must comply with the eight principles of the Data Protection Act. The eight principles are that personal information must be:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection
    • The ICO has comprehensive information (http://www.ico.gov.uk/for_organisations.aspx) and the BSI Data Protection Guide provides comprehensive guidance.



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Access Management: Authentication, Biometrics, Password Security
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2010, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts