Here's a full index of our Data Protection Act 1998 guidance for organisations
Please note: The following information has not been updated since the Data Protection Act 2018 became law. Although there may be some subtle differences between the guidance on this page and guidance reflecting the new law – we still consider the information useful to those in the media.
Anonymisation
Audits
Big Data
Binding Corporate Rules
CCTV
Credit and finance
Crime mapping
Data processing
Data sharing
Deletion
Data Protection - general
Education
Employment
- Employment practices code
- Employment practices code – a quick guide
- Employment practices code – supplementary guidance
Encryption
Exemptions
- Using the crime and taxation exemptions
- Social networking and online forums – when does the DPA apply?
- Regulatory activity exemption
Identity scanning
International transfer
- Assessing adequacy for international data transfers
- Binding Corporate Rules
- Data transfers to the US and the Privacy Shield
Marketing
- Direct marketing
- Direct marketing checklist – ideal for small businesses
- Companies receiving unwanted marketing
- Guidance on political campaigning
The media
MPs and elected officials
- Disclosure of personal information by local authorities to councillors
- Constituency casework of Members of Parliament and the processing of sensitive personal data
- Guidance on political campaigning
Online and computing
- Bring your own device (BYOD) guidance
- Cloud computing
- IT asset disposal
- Personal information online code of practice
- Privacy in mobile apps: guidance for app developers
- Social networking and online forums – when does the DPA apply?
- Wi-Fi location analytics
Relevant filing system
RFID
Security
- A practical guide to IT security: ideal for the small business
- A practical guide to IT security: ideal for the small business (Welsh)
- Encryption
- Notification of privacy and electronic communications security breaches
Subject access
- Access to information held in complaint files
- Enforced subject access (section 56)
- How to disclose information safely – removing personal data from information requests and datasets
- Regulatory activity exemption
- Subject access: responding to a request checklist
Privacy and Electronic Communications Regulations 2003
- The Guide to Privacy and electronic communications
- Advice on the new cookies Regulations
- Notification of privacy and electronic communications security breaches
- Direct marketing
- Direct marketing checklist – ideal for small businesses
- Companies receiving unwanted marketing
- Guidance on political campaigning