BTBATB 2017

Section 10 of the Data protection act

In England and Wales, the processing of "Personal Data" is controlled by the Data Protection Act 1998. This lays out the rights and responsibilities of the "Data Subject", as well as the rights and responsibilities of the company processing it.

Responsibilities of the Data Controller

The "Data Controller" has to follow strict rules, known as the "Data Protection Principles". These state that they must insure the information they process is;

• used fairly and lawfully

• used for limited, specifically stated purposes

• used in a way that is adequate, relevant and not excessive

• accurate

• kept for no longer than is absolutely necessary

• handled according to people’s data protection rights

• kept safe and secure

• not transferred outside theEuropean Economic Areawithout adequate protection.


The Act also provides stronger protection for more sensitive information, in particular information relating to the "Data Subjects" ethnic background, political view, religion, health (including sexual health) or criminal history.

What is "Personal Data"

The phrase "Personal Data" is commonly used when dealing with companies in any way. It is perhaps most commonly seen when signing up with organisations, normally in the form of a tick box indicating consent for your "Personal Data" to be passed on to third parties. Companies store the "Personal Data" of pretty much everyone they come into contact with.  


"Personal Data" refers to any information relating to an individual that is identified by the data, or can be identified by the data (the "Data Subject"). This data usually takes the form of names, addresses, post codes and dates of birth, but can include things such as bank details, National Insurance information, income/expenditure calculations, credit histories and occupation.

What section 10 allows you to do...

Put very simply, you can write to companies and ask them to stop storing your personal data, as long as they are causing you some kind of damage or distress - unless you've said they can or you've entered into a contract with them.

Without the ability to process your "Personal Data", they'll find it very hard to continue to communicate with you. A Sec10 provides a way to and all interaction with a company, as long as you can tell them why it's causing you damage or distress.