Introduction
2 The eight Data Protection Principles
3 Who is responsible for data protection?
The Data Protection Compliance Officer
4 Informing the data subject
Other requirements for 'fair' processing
How to provide the information
5 When do you need consent?
Processing without consent
6 Processing 'sensitive' personal data
7 Processing only for specific Purposes
8 Monitoring employees and the public
9 The requirement to have good quality data
10 Archive and destruction policies
11 People's right to see their own records
The Subject Access procedure
Example subject access form
Information you do not have to provide
When can you withhold third party information?
12 Restrictions on direct marketing
What is direct marketing?
The Data Subject's rights
Direct marketing by phone and fax: the Telecommunications (Data Protection & Privacy) Regulations 1999
Can you make that marketing call/fax?
13 Other Data Subject rights
Automated decision-making
Processing that harms the Data Subject
Information-sharing agreements
Official requests for access to personal data
16 Transferring data abroad
Conditions under which data may be transferred
Transfers to specific recipients overseas
Personal data on your web site
17 Exemptions and other special cases
Research, statistical and historical purposes
'Subject information' exemptions
'Non-disclosure' exemptions
Transition period for old manual files
Personnel Code of Practice
20 Enforcement and penalties
21 The Data Protection Compliance Officer
22 References and further reading
Appendix 1 The Data Protection Principles
Appendix 2 Schedule 2, Conditions relevant for purposes of the first principle: processing of any personal data
Appendix 3 Schedule 3, Conditions relevant for purposes of the first principle: processing of sensitive personal data
Appendix 4 Schedule 4, Cases where the eighth Principle does not apply
Appendix 5 Definitions quoted from the Act
Index