Data Protection Act 1998 - Summary


The Data Protection Act (DPA) is a United Kingdom Act of Parliament. It defines a legal basis for the handling in the UK of information relating to living people. It is the main piece of legislation that governs protection of data in the UK. Although the Act does not mention privacy, in practice it provides a way in which individuals can enforce the control of information about them. For more information contact the ICO, details listed below.


To view the complete Data Protection Act 1998 Click HERE

Data protection principles

  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-

    1. at least one of the conditions in Schedule 2 is met, and

    2. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

  4. Personal data shall be accurate and, where necessary, kept up to date.

  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Conditions relevant to the first principle

Personal data should only be processed fairly and lawfully. In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data.

  1. The data subject (the person whose data is stored) has consented ("given their permission") to the processing;

  2. Processing is necessary for 'the performance of a contract (any processing not directly required to complete a contract would not be "fair");

  3. Processing is required under a legal obligation (other than one stated in the contract);

  4. Processing is necessary to protect the vital interests of the data subject's rights;

  5. Processing is necessary to carry out any public functions;

  6. Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).



Accessing information held about You


To obtain a copy of information held about You, Contact Us.  Please note information will only be provided on paper and posted to your current address, at a cost of £10 per page payable upfront.  This is to cover admin and postage costs.  Information will be sent as is on our databases in raw format.  Please allow up to 90 days for delivery.



By telephone:

ICO Helpline:
08456 30 60 60
01625 54 57 45

Fax: 01625 524510




By post:

The Information Commissioner's Office,
Wycliffe House,
Water Lane,


By email:

If your enquiry is about a new or existing notification under the Data Protection Act, please email You may find it helpful to read more about notification  and the need to notify before sending your enquiry.


For any other enquiries about the legislation that the ICO are responsible for, or to submit a complaint electronically, please use the ICO online enquiries form. You may find it helpful to read more about the ICO or learn more about how to complain before sending your enquiry.


If your enquiry is not about the legislation that the ICO is responsible for, please email



Regional Offices


In addition to the ICO head office in Wilmslow, there are also offices in Scotland, Wales and Northern Ireland. If you would prefer to contact one of these offices please use the following contact information.  Please do not send notification forms or fees to our regional offices. These are processed at the Wilmslow Office.


Information Commissioner's Office - Scotland , 28 Thistle Street , Edinburgh , EH2 1EN
telephone: 0131 225 6341
fax: 0131 225 6989


Information Commissioner's Office - Wales, Cambrian Buildings, Mount Stuart Square, Cardiff, CF10 5FL
telephone: 029 2044 8044
fax: 029 2044 8045


Northern Ireland
Information Commissioner's Office - Northern Ireland, Room 101, Regus House, 33 Clarendon Dock, Laganside, Belfast, BT1 3BG, Northern Ireland
telephone: 028 9051 1270
fax: 028 9051 1584




Revised August 2014