
	Home > Ask the Information Security Experts > Information security governance and compliance Questions & Answers > Complying with the UK Data Protection Act of 1998

Ask The Security UK Expert: Questions & Answers

Complying with the UK Data Protection Act of 1998

Alan Calder

EXPERT RESPONSE FROM: Alan Calder

		Pose a Question

		Other Security UK Categories

		Meet all Security UK Experts
		Become an Expert for this site

Digg This!

StumbleUpon Toolbar

StumbleUpon

Del.icio.us

>

QUESTION POSED ON: 10 January 2008
What are the key things I have to do to comply with the Data Protection Act?

Digg This!

StumbleUpon Toolbar

StumbleUpon

Del.icio.us

RELATED CONTENT

	Information security governance and compliance
	Credit card data protection (over the phone)
	What are best practices for credit cards in a call centre?
	How to achieve laptop data security

Compliance Regulation and Standard Requirements

USB drive security project protects endpoints, aids CoCo compliance

Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list

The basics of enterprise GRC project management

SearchSecurity.co.uk partners with PCI DSS User Group

Council boosts compliance efforts with system log management app

PCI DSS Q&A: Answering your questions

Security budgets take hit in media, tech industry, survey finds

Forrester advises cautious approach to cloud computing services

NHS imposes USB stick security

IAS 6 aims to lock down data from government departments, suppliers

Data Protection Solutions and Strategy

Sourcefire to ignite new offerings for virtualisation security

USB drive security project protects endpoints, aids CoCo compliance

How to enforce an enterprise data leak prevention policy

Companies underestimate Web 2.0, social networking threat, says survey

RSA council addresses growing security risks in the cloud

Attackers use ATM malware to steal track data, PINs

CSA, Jericho Forum unite on cloud computing security message

How to create a data classification policy

Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert

Organizations struggle with data leakage prevention, rights management

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Basel II (SearchSecurityUK.com)

EU Data Protection Directive (SearchSecurityUK.com)

Financial Services Authority (SearchSecurityUK.com)

UK Identity Cards Act (SearchSecurityUK.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

There are a number of basic requirements and some that are rather more demanding. As a minimum, every organization that is going to process personal data (and this means any data relating to a living human being, not to an organization) must register with the Information Commissioner (www.ico.gov.uk) and describe, in the registration, what the purpose of processing this data is. It must be a permitted purpose. Registration is annually renewable and, once registered, you must comply with the purposes for which you've registered. That's the easy bit. The more complex bit is, in essence, that you must comply with the eight principles of the Data Protection Act. The eight principles are that personal information must be:

Fairly and lawfully processed

Processed for limited purposes

Adequate, relevant and not excessive

Accurate and up to date

Not kept for longer than is necessary

Processed in line with your rights

Secure

Not transferred to other countries without adequate protection

The ICO has comprehensive information (http://www.ico.gov.uk/for_organisations.aspx) and the BSI Data Protection Guide provides comprehensive guidance.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Access Management: Authentication, Biometrics, Password Security

About Us | Contact Us | For Advertisers | For Business Partners | Site Index | RSS

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2008 - 2009, TechTarget \| Read our Privacy Policy