Home > DPA
Mind my data Click to visit the homepage
The ICO is manipulating the process again
The basics
Plausible deniability
Employment agencies
Useful links
Open in a new window/tab
The Information Commissioner
Mailing Preference Service
Telephone Preference Service
Royal Mail junk mail opt-out
Register of data controllers
My response to the ICO's tweet about policy
Are data controllers 'officially' lying to us?
Why do we need to accept a Privacy Policy?
Can I opt-out of a renewal quote under section 11 of the DPA?
Who's texting me about PPI?
Marketing corporate employees by e-mail

The Data Protection Act 1998

The Data Protection Act 1998 is the UK's principal data protection legislation. Every organisation that processes personal data in the UK must comply with the Act and, more specifically, with its eight data principles. Furthermore, every organisation that processes personal data must notify the ICO - unless they are exempt. Notification is the process by which a data controller gives the ICO details about their processing of personal information. The ICO publishes certain details in the register of data controllers, which is available to the public for inspection.

If an organisation is not exempt, then failure to notify is a criminal offence yet many organisations that are not exempt have failed to notify. What tends to happen is that companies use the ICO’s self-assessment guide (PDF)New window to incorrectly determine that they are exempt - rather than pay the £35 and register. However, if we just take one of the data processing purposes: Advertising, marketing and public relations for others, this is not an exempt purpose so if an organisation promotes the products or services on behalf of another company then they are unlikely to be exempt. For example, nearly ALL employment agencies should be registered as a data controllers because their core business is to advertise and promote jobs on behalf of third company employers. If your employment agency isn't able to provide you with a data controller registration number then it's likely that they are processing your personal data illegally and you should report them to the ICO.

The Data Protection Act 1998 is a good friend to the "no marketing" brigade

The Data Protection Act 1998 is our main weapon in the fight against unwanted direct marketing. Section 11 of the Data Protection Act 1998 gives each of us a statutory right to prevent processing for purposes of direct marketing. I started using this rule a few years ago to reduce the amount of unwanted e-mail and post that I receive and it has made a huge difference. I hardly ever receive direct marketing by post these days and I even make my banks - Lloyds TSB and Barclays, remove all marketing leaflets when they send me my bank statement by post - I'm just not interested in anything they have to offer; I just want to use them as a bank. Let’s fact it, within five minutes of looking online I could find a better deal than anything that they can offer me anyway so what’s the point?

My unwanted e-mail too is almost non-existent these days but only because I follow-up on every single unwanted e-mail. I've submitted 40+ complaints to the ICO within the past few years - which is nothing to brag about; it just shows how bad things are.

See verify acceptance of the ICO's assessment

Also see what is direct marketing?