1. The Data Protection Act

The Data Protection Act controls how your personal information is used by organisations, businesses or the government.

Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the UK without adequate protection

There is stronger legal protection for more sensitive information, such as:

  • ethnic background
  • political opinions
  • religious beliefs
  • health
  • sexual health
  • criminal records

Help us improve GOV.UK

Please don't include any personal or financial information, for example your National Insurance or credit card numbers.