Professional Documents
Culture Documents
Trevor Ellis: "Having Fun With The Data Protection Act"
Trevor Ellis: "Having Fun With The Data Protection Act"
Trevor Ellis
Trainee Programmer
(1981 – 28 years ago)
Contractor
(since 1992 – for 17 years)
1
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
2
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
3
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
5
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
6
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Identifiable
7
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Context is Everything
An individual is 'identified' if you have distinguished
that individual from other members of a group.
• Trevor Ellis
• Trevor Ellis + EX15 3XX
8
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Context is Everything
The ‘data’ may enable you to
identify an individual whose name
you do not know and may never
intend to discover
Eight Principles
that processing must comply with…
1. Processed Fairly
2. Only for specified reasons
3. Adequate and not excessive
4. Accurate and up to date
5. Not held longer than necessary
6. In accordance with subject’s rights
7. Kept safe
8. Not transferred outside EU
www.ico.gov.uk 10
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 1
Personal data shall be processed fairly
lawfully and only as necessary*
11
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 2
Personal data shall be obtained only for
the specified purpose, and shall not be
further processed in any manner
incompatible with those purposes
12
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 3
Personal data shall be adequate,
relevant and not excessive in relation to
the purposes for which they are
processed
13
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 4
Personal data shall be accurate and,
where necessary, kept up to date
14
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 5
Personal data processed for any purpose
or purposes shall not be kept for longer
than is necessary for that purpose or
those purposes
15
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 6
Personal data shall be processed in
accordance with the rights of data
subjects under this Act
16
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 7 (pt1)
17
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 7 (pt2)
Appropriate organisational measures
shall be taken to protect personal data*
18
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Principle 8
Personal data shall not be transferred to
outside the European Economic Area*
19
“Having Fun with the Data Protection Act”
Trevor Ellis - June 2009
Summary – www.ico.gov.uk
Eight Principles
1. Processed Fairly
2. Only for specified reasons
3. Adequate and not excessive
4. Accurate and up to date
5. Not longer than necessary
6. In accordance with subject’s rights
7. Kept safe
8. Not transferred outside EU
20