Data Protection Act


The Data Protection Act 1998 sets rules for processing personal information and applies to personal data held in structured manual files as well as those held on computers. It deals with the processing of both sensitive and non-sensitive personal data.


This course is intended for anyone who handles personal information, either through manual or computer-held records.

About this course

The course contains additional resource materials, useful links and a refresher guide.


This course will enable you to: 

  • Understand the principles and purpose of the Act
  • Understand the key terminology associated with the Act
  • Know what is classified as sensitive personal data
  • Know how to process sensitive personal data
  • Know the eight data protection principles
  • Know how to ensure that personal data is securely kept
  • Know what to do when giving out personal information over the phone
  • Know the rights of data subjects
  • Learn about 'Subject Access Requests'
  • Learn what can happen if a data controller fails to respond to a request
  • Know what to do if a request requires the disclosure of health information
  • Understand the key difference between the Data Protection Act and the Freedom of Information Act


    Here are a few topics covered in this course:

    Background to the Data Protection Act | What is data? | Processing data | Data controller | Sensitive personal data | Processing sensitive data | Data protection principles | Keeping record secure | Asking for personal information over the phone | Rights of the individual | Subject access requests | Informal data requests | Formal data requests | The 40 day time period | Failure to respond to requests | Negotiation with the data subject | Exemptions to subject access | Dealing with health information | The Freedom of Information Act