Data Protection Act 1998

Data Protection Act 1998

Act of Parliament
Parliament of the United Kingdom
Long title	An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.
Citation	1998 c. 29
Territorial extent	England and Wales Scotland Northern Ireland
Dates
Royal assent	16 July 1998
Other legislation
Repeals/revokes	Data Protection Act 1984
Repealed by	Data Protection Act 2018
Status: Repealed
Text of statute as originally enacted

Data Protection Act 1984
Act of Parliament
Parliament of the United Kingdom
Long title	An Act to regulate the use of automatically processed information relating to individuals and the provision of services in respect of such information.
Citation	1984 c. 35
Dates
Royal assent	12 July 1984
Repealed	1 March 2000
Other legislation
Repealed by	Data Protection Act 1998
Status: Repealed
Text of statute as originally enacted

The Data Protection Act 1998 (c. 29) (DPA) was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.

Under the 1998 DPA, individuals had legal rights to control information about themselves. Most of the Act did not apply to domestic use,^[1] such as keeping a personal address book. Anyone holding personal data for other purposes was legally obliged to comply with this Act, subject to some exemptions. The Act defined eight data protection principles to ensure that information was processed lawfully.

It was superseded by the Data Protection Act 2018 (DPA 2018) on 23 May 2018. The DPA 2018 supplements the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. The GDPR regulates the collection, storage, and use of personal data significantly more strictly.^[2]