Skip to content

The Data Protection Act 1998 Examples Summary Essay

The Data Protection Act 1998 Examples Summary Essay Image

Examples and Summary of the Data Protection Act 1998 Essay; DPA 1998 is the main piece of regulation that governs the protection of private information in the UK. It applies to statistics hung on each computer and paper so long as, inside the latter case, the facts stand held in an applicable guide submitting gadget. The DPA gives any individual the right to know what data an agency holds approximately him/her and sets out regulations to make sure that this record treats well. The Act regulates by the Information Commissioner’s Office (ICO).

Here is the article to explain, The Data Protection Act 1998 Examples, Summary, and Essay!

The Data Protection Act offers people the proper access to facts approximately themselves that’s held through a business enterprise and sets out how personal information has to accumulate, stored, and process. It isn’t strictly approximately publishing but cover here for completeness as it governs getting entry to facts, albeit personal records. It ought to take into consideration whilst records post as it limits what private records may make public too had and the facts which may launch below FOIA. Data protection law best applies to residing individuals which is why getting admission census statistics authorized after a hundred years or slightly earlier as has been the case with the 1911 Census in England.

The Data Protection Act 1988 Examples and Summary, creates a series of rights for people about data held about them, and also a mechanism (the Information Commissioner) to enforce those rights. It sets out a series of data protection principles that have now stood the test of time.

The eight data protection principles set out in schedule 1 of the Act.

These eight principles are that personal data should process fairly and lawfully (principle 1); that data must obtain and process for a specified and lawful purpose (principle 2); it must be adequate, relevant, and not excessive (principle 3); also it must be accurate and kept up to data (principle 4); it must keep no longer than necessary (principle 5); the rights of data subjects must respect (principle 6); it must appropriately protect (principle 7); and, it must not transfer outside the EU unless it is to a country that also requires data to protect (principle 8).


Data under the Act give a wide definition and includes not only electronic data but; where it exists held by a government department, includes any data that they held. Personal data, which the Act primarily relates to, is a subset of this and includes data linked to an individual. It is this data that is the subject of the data protection act 1998 examples and summary principles.

When personal data process several conditions apply, which make out in schedule 2 to the Act. The first condition is that the data subject (the person the data is about) must consent. The second condition is that the processing is necessary. The schedule provides several different ways in which the processing may be necessary. The most common one is that it is necessary for the legitimate interest of the data controller.

If the data is sensitive personal data then further rules apply which exist set out in schedule 3. Sensitive personal data is related to a person’s race, politics, religion, union activities, physical or mental health, sexual activity, or criminal offending. Schedule 3 requires that if any of these apply then there must be explicit consent from the data subject. It also has a much more limited set of criteria that can satisfy the necessity test; they must ensure that the rights and interests of the data subject exist protected, and there are restrictions on the disclosure of the information.


Although the rules summarised above are the general principles there are several exceptions to these. These exist to set out in part 1V of the Act. There are exceptions (of varying degrees) in the interests of national security, crime, health, journalism, research, and parliamentary privilege (amongst others). For national security and law and orders matters, the exemption is absolute, but for others such as journalism, the exemption is much more limited and requires the journalist to satisfied that there is a public interest in the publication.

A key way that the Act goes about ensuring compliance with the principles is by giving individuals the right to access data that exists held about them. This right finds in section 7 of the Act. Any person may submit a written request to any data handlers, and once they do they exist entitled to be told what data exists held about them and how it stands being processed.

Data controller;

The data controller exists entitled to charge a fee for providing this information (subject to a maximum amount allowed by parliament) and they do not have to provide the information where to do so would be to breach some other person’s privacy. The basic principle however is that a person should have the right to know exactly what information exists held about them. Further, the Act also gives a person the power to insist that their data do not process if to do so would cause them unjustified distress. The ultimate method of ensuring compliance with the data protection principles rests with the Information Commissioner.

The role lived originally entitled the Data Protection Commissioner; but, it existed renamed in 2010 to ensure a more accurate description of the role. The Commissioner employs a staff of advisors, lawyers, and enforcement officers and produces regular compliance reports. They have several powers that they can use to enforce compliance. These include serving information notices requiring the provision of information, imposing undertakings on organizations to compel them to amend offending behavior, serving enforcement or stop notices, imposing fines, or bringing criminal prosecutions.

The Computer Misuse Act 1990;

The Computer Misuse Act 1990 shows the difficulties that any legislature has in providing a comprehensive set of rules for a technology that is developing at pace. When the Act stood passed personal computers were calculating machines, and most homes did not have one. They bore very little resemblance to the machines which are commonplace today. Nevertheless, because of problems with the existing law, it lived felt that a comprehensive computer misuse Act existed required.


The limitations of the existing law were already being felt in fraud offenses. Under the Theft Act 1968 and 1978, a fraud had to deceive a person; and where processes existed being carried out entirely by computer then a lacuna developed. (Under the Fraud Act 2006 this is no longer an issue as it is the intention of the actor rather than the impact on the victim which is determinative of a crime).

The Computer Misuse Act 1990 has its genesis in a working paper published by the Law Commission in 1988. This was primarily concerned with the offense of hacking, although that particular phrase was not in use at that time. The question that the Law Commission posed was whether the behavior that would not otherwise be an offense should become an offense simply if it existed done using a computer. For instance, in other areas of life, the gaining of confidential information or industrial espionage would not treat as criminal offenses. The question that the Law Commission had posed was whether or not a special case could make out for computers. They concluded that it could, and this formed the basis of their proposed legislation.


The Law Commission publish their proposals in 1989, and their general approach lived extremely well received. However, they were extensively lobbied by groups on behalf of banking and commerce, and by computer and software manufacturers. As a result, they also proposed two further offenses which existed also included in the 1990 Act. These have proved much more problematic. Unfortunately, the technology advanced at a rate of notes and left the legislation well behind.

There have been various attempts to amend the sections but they have been of only limited success. For instance, denial of service attacks are not easily caught within the computer misuse act; and yet these are some of the most common forms of computer misuse that now exist. The problem is that the World Wide Web had not yet been invented at the time that the Act stood passed; and, no one appreciated the life-changing impact that this would have for all communities.

It should note that the Act does not at any stage attempt to define a computer. This is undoubtedly a very sensible approach as any definition would very rapidly risk being overtaken by fast-moving technological developments.

Section 01;

Section 1 of the Act seeks to make hacking an offense. This makes it illegal for anyone to operate a computer with intent to secure access to the data on it; and where he knows that he does not permit to have access. Since the Act existed passed the trend has continued for more and more material to store on computers, and yet such attacks continue.

The Act does not require that the defendant has any particular motive in hacking into a computer. The men’s rea is simply that they knew that their entry stood unauthorized and that they were intending to gain access. This can justified because of the expense that the owner of the system might exist put into protecting their system. It is worth noting that accessing equipment recklessly would not amount to an offense. An offense under this section carries a maximum of two years imprisonment.

Section 02;

Section 2 of the Act creates an aggravated version of the basic offense; where the unlawful access was to carry out any further offense; which can carry a maximum prison sentence of five years or more. That further offense does not need to carry out using a computer.

Section 03;

Section 3 of the Act, as it now stands, creates an offense of carrying out an unauthorized act with intent to impair the operation of a computer. There is an alternative offense under the same section of carrying out the act recklessly. This section stood developed as criminal damage only really applies to physical damage, and electronic destruction or obstruction would not cover by that. Section 3ZA, which stood inserted by the Serious Crime Act 2015; creates an aggravated version of the offense where there is a risk of serious damage.

Finally, terms of offenses under the Act s3A, which stood inserted in 2006; make it an offense to make, supply, or obtain items to use in committing the other offenses under the Act.

The Data Protection Act 1998 Examples Summary Essay Image
The Data Protection Act 1998 Examples Summary Essay; Image by LEANDRO AGUILAR from Pixabay.

References; The Data Protection Act 1998. Retrieved from



ilearnlot, BBA graduation with Finance and Marketing specialization, and Admin & Hindi Content Author in

Join the conversation

Your email address will not be published. Required fields are marked *