The main legislation governing data protection is the Data Protection Act 1998 (DPA), which came into force on 1 March 2000.
The DPA implements an EU Directive (the Data Protection Directive 95/46/EC) and both the Act and the Directive aim to give individuals rights in connection with the processing of manual and computerised personal data and on the movement of such data.
Other important statutory provisions concerning data protection include the following:
- Police Act 1997
- Human Rights Act 1998
- Freedom of Information Act 2000 (FOI Act) (only applicable to public authorities)
- Regulation of Investigatory Powers Act 2000 (RIPA)
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699)
- The Data Protection (Processing of Sensitive Personal Data) Order 2000 (SI 2000/2905)
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426)
- The Environmental Information Regulations 2004 (SI 2004/3391)
- The Data Protection (Processing of Sensitive Personal Data) Order 2006 (SI 2006/2068)
- Criminal Justice and Immigration Act 2008
- The Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009 (SI 2002/1677)
- The Data Protection (Processing of Sensitive Personal Data) Order 2009 (SI 2009/1811)
- The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 (SI 2010/31)
- The Data Protection (Monetary Penalties) Order 2010 (SI 2010/910)
- The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208).
- Protection of Freedoms Act 2012.
Information and guidance are available from the Information Commissioner's Office (ICO) website - see the related Q&A Where can guidance and assistance on interpretation of the Data Protection Act be found?
In December 2015, after months of negotiations, the EU Commission, Parliament and Council of Ministers reached agreement on the General Data Protection Regulation.
Significant changes are proposed which will affect how all employers (and other institutions) throughout the EU deal with personal data. For more information see the related Q&A What changes are likely to result to data protection from the EU General Data Protection Regulation?