Data related to use of information (Data Protection act) (p3, m2)

Data protection act

The data protection act is a law that secures personal information about people who interact with a company through employment or externally. Data protection can protect personal information such as payment details, contact information and personal details such as mental state. The information is gathered by a  data controller who collects the most important data that is vital for the organisation and what the data will be used for.

There are several principles for the data protection, these are the following principles.

Used fairly and lawfully

This is where the person who has had the information collected on them has the right to know that information is being collected on them and what the information is being used as the end result.

Personal data can be held only for specified and lawful purposes

Is when the collector of the information must state what they are using the information or and actually use the information towards that reason and not any other reason not specified by the company they work for.

Personal data should be adequate, relevant and not excessive for the required purpose

This is where the collector of the information must collect relevant information about the individual they are collecting information about. An example of this where you would collect information about his contact information or name which is relevant, but you would not collect information about the individuals eye color.

Personal data should be accurate and kept up-to-date.

This is where stored information on a individual must be kept up to date so that it remains relevant and useful. An example of this is a employee could change there contact details or second name, another example could be that they live at a address that is wrong so it would have to be corrected so that the information Is accurate so it would be important to keep it up to date. 

Personal data should not be kept for longer than is necessary.

This is where information that is no longer needed should be removed as it becomes irrelevant or not useful anymore. an example of this is CVs as you are supposed to keep it for five months as it can take up storage and they already have your personal details on log which you provide from your CV.

 

Data must be processed in accordance with the rights of the data subject.

This is where the individual who has data on him/her has the right to see that data at any time so that they may take a copy, change or just view.

Appropriate security measures must be taken against unauthorized access.

This is where data on a subject are protected from people who do not have access to the data on the subject this is done by taking security procedures such as making sure that you have anti hacking procedures or taking precautions that don't let people see data about people they shouldn't know about.

Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the Data protection act.

Is where the company if they wish to share information with other companies outside of it's own country can only share the information with countries that have similar law to the data protection act otherwise your are sharing information with people from a coutry that do not have access to the information.