Data protection is about ensuring people can trust you to use their data fairly and responsibly. If you collect information about individuals for any reason other than your own personal, family or household purposes, you need to comply. The UK data protection regime is set out in the DPA 2018, along with the UK GDPR. It takes a flexible, risk-based approach which puts the onus on you to think about and justify how and why you use data.
The purpose of the Act is to control how personal information is used by organisations, businesses and the government. It was designed to give legal rights to people who have personal information about them collected, used and stored and it was designed to protect individuals’ personal data from unauthorised access.
Everyone responsible for collecting and using data is responsible under the Data Protection Act.