Hello Friends!
Today we are discussing on the very important aspect of corporate data handling " Data Protection" I have given a very basic idea regarding the same, Please have a look.
Introduction
The Data Protection Act governs, through a set of principles, the collection, processing and disposal of data held about individuals and the rights of individuals to access this data.
Any person or organisation that processes personal data must do so, in compliance with the eight principles.
Principles Of Dataprotection
The Principles require that personal data shall be:
1) Processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
2) Obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose of those purposes.
3) Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4) Accurate and, where necessary, kept up to date.
5) Not kept for longer than is necessary for that purpose or those purposes.
6) Processed in accordance with the rights of data subjects under the Act.
7) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss of, destruction of or damage to, personal data.
8) Not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Rights of Individuals under the Act
The Data Protection Act governs, through a set of principles, the collection, processing and disposal of data held about individuals and the rights of individuals to access this data.
Any person or organisation that processes personal data must do so, in compliance with the eight principles.
Principles Of Dataprotection
The Principles require that personal data shall be:
1) Processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
2) Obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose of those purposes.
3) Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4) Accurate and, where necessary, kept up to date.
5) Not kept for longer than is necessary for that purpose or those purposes.
6) Processed in accordance with the rights of data subjects under the Act.
7) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss of, destruction of or damage to, personal data.
8) Not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Rights of Individuals under the Act
Individuals have seven basic rights under the Act
1)Access to personal data
2)Prevention of processing likely to cause damage or distress
3)Prevention of processing for direct marketing
4)Prevention of automated decision-taking
5)Rectification, blocking, erasure, destruction
6)Compensation
7)Request for assessment
An individual can apply to a court for an order requiring the data controller to rectify, block, erase or destroy data relating to them that is inaccurate or contains an expression of opinion based upon that inaccurate data.
1)Access to personal data
2)Prevention of processing likely to cause damage or distress
3)Prevention of processing for direct marketing
4)Prevention of automated decision-taking
5)Rectification, blocking, erasure, destruction
6)Compensation
7)Request for assessment
An individual can apply to a court for an order requiring the data controller to rectify, block, erase or destroy data relating to them that is inaccurate or contains an expression of opinion based upon that inaccurate data.
Criminal Offences under the dataprotecton act:
It is an offence to knowingly or recklessly obtain, disclose or procure the disclosure of personal information without the consent of the data controller. There are some exceptions to this - for example, where such obtaining or disclosure was necessary for crime prevention/ detection. If a person has obtained personal information illegally it is an offence to offer or to sell personal information.
However there are no custodial sentences in respect of Dataprotection act offences and no powers of arrest all offences are punishable only by a fine. Search warrants are available to the Information Commissioner by virtue of section 50 Under dataprotection act.
However there are no custodial sentences in respect of Dataprotection act offences and no powers of arrest all offences are punishable only by a fine. Search warrants are available to the Information Commissioner by virtue of section 50 Under dataprotection act.
References :
Thanks
Raheel Ahmed
.
No comments:
Post a Comment