The Data Protection Act 1998 came into force on 1 March 2000. It introduced into UK law the provisions of the European Commission Data Protection Directive (95/46/EC) and applies to anyone who processes, stores or is the subject of personal data.
The Act works in two ways and provides that:
- anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow the eight principles of ‘good information handling’.
- all individuals (data subjects) have the right to see information that is held about them and the right to have information corrected if it is wrong.
- the Act applies to all electronic records that contain information about living and identifiable individuals and extends data protection to manual files where the personal data of a data subject is readily accessible (a structured filing system).
- the main aim of the Act is to protect data from unnecessary, unauthorised or harmful use and to provide individuals with some control over the use of their personal data. Individuals have the right to take action for compensation caused by inaccurate, lost or destroyed data or unauthorised disclosure of information. They also have the right to complain to the Information Commissioner who may serve an enforcement notice and, in some circumstances, impose a financial penalty.
In collecting, using, storing and disposing of data, the Trust or an individual Academy will comply with the requirements of the Data Protection Act that govern the processing of personal data. Under these requirements, information will be collected and used fairly, stored safely and not disclosed to any other person where to do so would be in breach of those requirements or would otherwise be unlawful.
The Act only applies to personal information, ie, information about identifiable living individuals. If a request is made for information, in the majority of circumstances the issue will be resolved without reference to the Data Protection Act 1998. If a Data Subject specifically makes a request under this Act, then a formal procedure must be followed.
Please read the attached policy below for information and procedures to follow should you wish to make a Data Subject Access Request.
Once complete, the standard form should be either posted to the Trust Governance Manager, Greenwood House, Private Road No 2, Colwick Quays Business Park, NG4 2JY or emailed to firstname.lastname@example.org.
If you require further information about the Data Protection Act, this is available on the Information Commissioner's website at www.ico.org.uk