Guide to Data Protection Act for Data Controllers

How to use this guidance

This guidance is addressed to data controllers, i.e. the organisation, business or public authority that controls how the personal data is used. Separate guidance specifically for individuals (data subjects) may be found here.

This guidance aims to explain how the Office of the Ombudsman will likely interpret certain provisions of the DPA, and is not binding.

Typically, each section of the guide includes the following parts:

  • At a glance: provides a summary of the contents of the section;
  • Checklist: provides a handhold to help you check your high-level compliance with requirements and best practices under the DPA;
  • In brief: provides an overview of the individual topics the section addresses;
  • Further guidance: refers to guidance from other jurisdictions that may be helpful, although it is important that differences between applicable laws are considered; and
  • Relevant provisions: states the relevant sections of the Data Protection Act.

Please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any questions or comments.

Previous Next