Legal Article - Employment Law

The Data Protection Act 1998

The Data Protection Act 1998 gives a right to privacy in the processing of personal data. Processing covers any operation involving data including its collection, recording, use, retrieval, consultation, disclosure , adaptation, alteration, combination, destruction or erasure.

Data covers not only automatically processed information, but also manual records kept as a set of information relating to an individual or by reference to criteria so that specific information relating to particular individuals is readily accessible.

All personal information is subject to eight data protection principles. These require that the data must:

• be processed fairly and lawfully
• not to be used for a purpose for which it was not collected

• be adequate , relevant and not excessive for the purpose

• be accurate and up to date
• not be kept longer than necessary

• be processed in accordance with the data subject’s rights

• be kept secure and protected from unauthorised processing, loss or destruction

• be transferred only to those countries outside the European Economic Area that provides adequate protection of personal information.

Data can only be processed with the person’s consent, unless it is necessary in order to perform a contract or to comply with any legal obligations to which the data controller is subject.

There are additional conditions to comply with where the data is sensitive personal data i.e. information on the racial or ethnic origin of the data subject, political religious or other beliefs, trade union membership, physical or mental health, sex life, actual or alleged committal of offences and any proceedings relating to the committal of an offence and sentences.

Not only must the eight principles be complied with in these cases, but the data subject must have given their explicit consent to processing the personal data. If they have not, then the employer must show that the processing is necessary for the purposes of exercising or performing any right or obligation which is imposed by law on the data controller in connection with employment, or is necessary to protect the vital interests of the data subject where consent cannot be reasonably obtained.

In addition, the Act restricts the use of automated decision making (e.g. psychometric tests).

Individuals have access to, and can correct, any personal data, including manual files. Data controllers are liable for any damages caused by breaches of the Act. Data collections must be notified to the Data Protection Commissioner, who can issue enforcement notices in respect of a breach. Breaches of notification requirements and the procurement or sale of personal data are criminal offences.


Published: 27 May 2011


To ensure you are a real person signing up and to prevent automated signups (spamming) could we ask you to copy the letters and numbers shown below into the box.

(cAse SeNSItivE!)

There are no comments

Share this Article

Related Articles

Employment Law Downloads