Understanding the Data Protection Act

2000

2015

2018

1998

Privacy and Electronic Communications Regulations

Data Protection Act 2018

Data Protection Act 1998

Information Protection Act 2015

The organization holding the data

The person who has data about them stored

The Information Commissioner

The person collecting the data

To process data requests

To store data securely

To enforce the Data Protection Act

To collect data

Sensitive data

Public data

Archived data

Corporate data

Right to data portability

Right to be forgotten

Right of correction

Right of access

They must report data breaches within 72 hours

They must obtain explicit consent for data processing

They must be able to prove data protection measures are sufficient

They must appoint a Data Protection Officer

Transparency

Profitability

Efficiency

Security

Accuracy

Integrity and confidentiality

Limitation of purpose

Data minimization

Marketing

Legal obligation

User profiling

Selling to third parties