Data Protection
Data Protection Act 1998
The Data Protection Act 1998 sets out rules for processing personal information, and it applies to some paper records as well as those held on computer and some automatically processed data, for example, document image processing, audio/video, photographs and CCTV. The Act gives individuals certain rights, and imposes obligations on those who record and use personal information to be open about how information is used and to follow eight data protection principles:
Data Protection Principles
Personal data must be processed following these principles so that data are:
processed fairly and lawfully
obtained for specified and lawful purposes
adequate, relevant and not excessive
accurate and, where necessary, kept up-to-date
not kept for longer than necessary
processed in accordance with the subject's rights
kept secure
not transferred abroad without adequate protection
The DIMERSAR Administration Manager who is the Data Protection Officer and is responsible for administering the Act and will process requests for access to data.
Your rights under the Act
The Data Protection Act 1998 came into force on March 1 2000. The Act gives legal rights to individuals in respect of personal data held about them by others.
Under the Act, personal data must be processed following the Data Protection Principles so that data are:
processed fairly and lawfully and only if certain conditions are met
obtained for specified and lawful purposes
adequate, relevant and not excessive
accurate and where necessary kept up-to-date
not be kept for longer than necessary
processed in accordance with the rights of data subjects
kept secure
not be transferred abroad unless to countries with adequate data protection laws
You are entitled to have access to information held about you, except where releasing that information would breach another person's privacy. You also have rights including rights to prevent processing likely to cause unwarrented damage or distress and to prevent processing for the purposes of direct marketing.
To exercise your rights under the Data Protection Act, you should contact the DIMERSAR Admin. Manager.
Making a Subject Access Request
If you wish to make a subject access request, your request must be:
made in writing (this may be in electronic form)
accompanied by a fee of £10
Before we can act on your request, we must:
be sure of your identity
be supplied with information from you in order to locate the information you seek
You are entitled:
to be informed whether your personal data are being processed by DIMERSAR Academy
to have the information constituting the personal data communicated to you
You may apply to access your data in writing in any way you choose.
On receipt of your completed request and payment of the fee, the DIMERSAR Academy is obliged to respond in 40 days. This period may be extended if we need further information from you or if we need to clear the release of someone else's information that forms part of your record. The information that we give to you will include an explanation of any codes contained in it.
The data will be in its latest form.
If you have any reason to believe that the DIMERSAR Academy has not dealt correctly with you, please first take the matter up with the DIMERSAR Academy Admin. Manager.
If you are still not satisfied, you should contact the Information Commissioner who is officially appointed to consider such complaints. His address is: Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
More Information
More information in the Data Protection Act can be found here: