UK Data Protection Act

Get started

Legislative summary
The European Commission’s Directive on Data Protection (Directive 1995/46/EC) protects the fundamental rights of European Union citizens to privacy with respect to the processing of personal data. The primary focus of the Directive is on the acceptable use and protection of personal data. The United Kingdom implemented the protections mandated by the Directive through its Data Protection Act of 1998, summarized by the following Data Protection Principles:

• Personal data should be processed fairly and lawfully and only with consent.
• Personal data should be obtained only for specified and lawful purposes and should not be further processed in any manner incompatible with those purposes.
• Personal data should be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
• Personal data should be accurate and kept up to date.
• Personal data processed for any purpose should not be kept for longer than is necessary for that purpose.
• Personal data should be processed in accordance with the rights of data subjects.
• Appropriate technical and organizational measures should be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
• Personal data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

HP Application Security Center capabilities

• Verify that links to privacy policies exist at appropriate places in your web applications
• Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
• Get detailed security assessment reports categorized by the U.K. Data Protection Act sections

Learn more