Home > yourrights > the right to know/data protection act > data protection act
> Other rights under the DPA
Other rights under the DPA
In addition to providing you with a right of access to personal data, the Data Protection Act also places other obligations upon data controllers. A data controller must only use information about you in accordance with the data protection principles. Amongst other things, these require that the information must be collected and used fairly and lawfully, that the information must be accurate and adequate and not held longer than necessary for the purposes for which it is held. These purposes must be specified in the data controller’s data protection register entry. The information must not be used in a manner incompatible with those purposes. The data protection principles also require that information must not be transferred to countries outside Europe if those countries cannot guarantee the same level of protection of the rights and freedoms afforded under the Data Protection Act.
Some structured manual files will not be fully covered by these further obligations until 24 October 2007.
The data controller’s register entry must state in general terms the kinds of organisations to whom it may want to disclose data, but need not give the names of the specific organisations. For example, it may tell you that disclosures will be made to local authorities, but not which ones.
You cannot be required, under the terms of a contract, to obtain your health records and pass them on to an employer or anyone else. When the Data Protection Act is fully in force it will also prohibit an employer or service supplier from requiring you to obtain and pass on to it information from your criminal or police records. However, Part V of the Police Act 1997, which governs access to criminal records for employment purposes allows employers to require prospective employees to obtain a certificate of convictions from the Criminal Records Bureau.
Some structured manual files will not be fully covered by these further obligations until 24 October 2007.
The data controller’s register entry must state in general terms the kinds of organisations to whom it may want to disclose data, but need not give the names of the specific organisations. For example, it may tell you that disclosures will be made to local authorities, but not which ones.
You cannot be required, under the terms of a contract, to obtain your health records and pass them on to an employer or anyone else. When the Data Protection Act is fully in force it will also prohibit an employer or service supplier from requiring you to obtain and pass on to it information from your criminal or police records. However, Part V of the Police Act 1997, which governs access to criminal records for employment purposes allows employers to require prospective employees to obtain a certificate of convictions from the Criminal Records Bureau.
