teach-ict.com logo

THE education site for computer science and ICT

2. Data Protection Act (2018)

Computers are capable of holding and organising vast amounts of data, far more than was possible using older paper-based systems. In years past, someone would need to go through endless filing cabinets to find information on a single person. Now, a computer database allows instant access to any data collected on an individual.

The power of such databases and the potential for misuse is why Parliament passed the Data Protection Act in 1998 and has now been updated in 2018 to include the new European GDPR, General Data Protection Regulation.


The Act sets out rules for handling other peoples' personal data.

The DPA requires that every data controller (i.e. every organisation or sole trader) who wants to collect or process personal data must register with the Information Commissioners Office. They have to disclose what type of data they are collecting and why they are collecting it.

Sensitive data such as race, criminal background, or religious beliefs have even more restrictions placed on their collection.


Although the Act states that everyone who collects and uses personal data must register, there are a few exemptions to this rule:

National Security - If required for the purpose of safeguarding national security, the government does not have to disclose what data they are holding about individuals.

Crime - Data which is being held in order to prevent or detect a crime does not have to be disclosed.

Taxation - any data collected for taxation purposes is exempt

Challenge see if you can find out one extra fact on this topic that we haven't already told you

Click on this link: What is the Data Protection Act?