Data Protection Act 1998


Intended audience:
Solution Store:

Anyone managing personal data in the UK
Click here to access the templates


The Data Protection Act controls how your personal information is used by organisations, businesses or the government.

Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the European Economic Area without adequate protection

There is stronger legal protection for more sensitive information, such as:

  • ethnic background
  • political opinions
  • religious beliefs
  • health
  • sexual health
  • criminal records


Key Benefits

Here are the key benefits of the RequirementONE Data Protection ACT Solution.

Improved Data Protection

Reduce the time and expense of implementing the new data protection. Reduce risk within current programs by identifying areas for improvement.


The Framework creates a common language for the discussion of data protection issues that can facilitate internal and external collaboration.

Mapping Controls and Policies

Individual controls and policies may apply to numerous frameworks. These can be maintained as an interlinked set of procedures to avoid duplication of effort.

A Single Point of Truth

Each compliance element is stored as a record and can be updated, commented, controlled and audited individually. Data is accessible to all stakeholders with no version control issues.

Dependency Linking

All links and interfaces can be defined and maintained showing dependencies between various policies.


Track the progress of data protection projects. In-line analytics highlight gaps in data protection, traceability of changes and status of data protection efforts.


Internal and External audit teams benefit from a specialized interface with full visibility to review and evaluate procedures.

Typical Use Cases

Here is a typical, but not exhaustive, list of roles and associated use cases that would interact with this solution.

Role Use Case
End users
  • Consume the latest policies
Data protection team
  • Use the framework as a guide to implement the relevant controls and policies
Data protection officer
  • Manage and report against data protection
  • Roadmap to achieve or improve data protection


These apps and templates are used for the solution.

What Description
Data Protection Act 1998 A specification containing the Data Protection Act, which can be used to ensure that all policies, controls and procedures are in line with the current legislation

1) Download the Implementing the Data Protection Act specification from the Solution Store
2) Mark each record to show whether it is applicable to your organization.
3) Link each applicable record to the corresponding policy / control / procedure record
4) As the linked records are updated, mark the status of the work.
5) Use filters to identify work still to be done
6) If there are people in the organization who need to be informed, but do not have access to RequirementONE, Export the completed document to Word. 

Getting started

  1. Select an existing, or create a new project
  2. Click on the Solution Store, and select the Data Protection Act Templates
  3. Once you have the templates, add your custom data and work through the plan.

Additional notes

Combine GDPR with other compliance frameworks to provide a holistic Compliance solution for your organization. 

Related links

Questions or Comments?

Respond to this post if you want to comment on the template or ask the author a question.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk