Website Legal Requirements 3 – The Data Protection Act

In the third part of my Website Legal Requirements series, I explain how the Data Protection Act affects your website and what you need to do to adhere to it.


The Data Protection Act defines UK law on the processing of people’s data and is the main piece of legislation that governs the protection of personal data in the UK. It gives people the right to know what information is held about them and provides a framework to ensure that personal information is handled properly.

The Act states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

It also provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

How Does This Affect My Website?

If your website collects users data, even a simple enquiry form asking for Name, Email and Phone Number, you should include a Privacy Policy that informs website visitors how you retain, process, disclose and purge their data in line with the requirements above.

Sources & More Info: