The Data Protection Act provides for the protection of individuals against the violation of their privacy by the processing of personal data. The Act provides a very wide definition of the term “ processing” to include the collection, recording, organising, storage, adaptation, alteration, retrieval, gathering, use, disclosure, transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of data.
The Act therefore regulates matters such as:
- processing data for direct marketing purposes;
- the rights of data subjects, namely the individuals whose data is being processed;
- the obligations of data controllers, namely those persons who decide which personal data is to be collected and processed and the manner in which such is to be done;
- the obligations of data processors, namely those persons who process the data for and on behalf of data controllers; and
- transferability of personal data to third countries.
Persons who breach data protection legislation face very hefty fines and penalties as well as the possibility of imprisonment.