Also found in: Dictionary
data protection the law applicable to the control of the use of information about people by those into whose hands it has come. It derives from the Community law of the European Union (EU), which provides that member states must protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data. The law is not restricted to information on a computer. The system in the UK works through a Data Protection Register and the supervision of the INFORMATION COMMISSIONER (replacing the former Data Protection Commissioner). Those who are to use the information must register (data controllers and data processors). Even those who do not are obliged to deal properly with data as laid down in eight principles: data must be fairly and lawfully processed; data must be processed for limited purposes; the processing must be adequate, relevant and not excessive; the data must be accurate; data should not be kept longer than necessary; data must be processed in accordance with the data subject's rights; data should be kept secure; data cannot be transferred to countries without adequate protection. Generally, intra-EU transfer is permitted, as is transfer to so-called safe havens like the USA (see SAFE HARBOUR). The person about whom data is held - the data subject - has certain rights: a right of access; a right to prevent processing likely to cause damage or distress; a right to prevent certain processing for the purpose of direct marketing; rights in relation to automated decision-taking; and in certain circumstances a right to compensation. There are many detailed exemptions for the security services and other lawful authorities.