Data Protection Act 1998
| Act of Parliament | |
| Long title | An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. |
|---|---|
| Citation | 1998 c. 29 |
| Introduced by | Jack Straw MP, Secretary of State for the Home Department (Commons) Lord Williams of Mostyn, the Minister of State, Home Office (Lords) |
| Territorial extent |
|
| Dates | |
| Royal assent | 16 July 1998 |
| Other legislation | |
| Repeals/revokes |
|
| Repealed by | Data Protection Act 2018 |
Status: Repealed | |
| Text of statute as originally enacted | |
The Data Protection Act 1998 (c. 29) (DPA) was an act of Parliament of the United Kingdom designed to protect personal data stored on computers or in organized paper filing systems. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of personal data.
The 1998 act marked a significant change in how personal details were handled back in the UK. Before it, privacy laws mainly covered computer records, whereas this law was applied to both digital and physical files. It aimed to make sure that any group or company gathering data did it fairly, under ethical procedures, and kept user information safe and confidential as technology rapidly advanced.
Under the 1998 DPA, individuals had legal rights to control information about themselves. Most of the Act did not apply to domestic or personal use, such as keeping a private address book. Anyone holding personal data for other purposes was legally obliged to comply with this Act, subject to some exemptions.
The Act established eight crucial data protection principles to ensure that information was processed lawfully, kept accurate, stored securely, and utilised ethically.
The DPA 1998 was eventually superseded by the Data Protection Act 2018 (DPA 2018) on 23 May 2018, which extended the EU General Data Protection Regulation (GDPR), which came into effect just two days later, on 25 May 2018. The newer Act and GDPR strengthened privacy security and placed greater responsibility on companies handling personal data.