Skip navigation to content

1. Introduction

The Data Protection Act 1998 (the Act) came into full force on 1 March 2000. It is much wider in scope than the 1984 Act which it replaces. In particular:

  • The Act covers not only computerised data, but also manual records held in 'relevant filing systems' (systems which allow for ordered retrieval, including card indexes etc).
  • The definition of 'data processing' has been broadened to include collection, recording, holding, retrieval, consultation, use and disclosure of data.
  • Certain types of data are now classed as 'sensitive' (data relating to ethnicity, political opinion, religion, trade union membership, health, sexuality or criminal record of the data subject) and the requirements for processing such data are more stringent.
  • New conditions affect transfer of data to countries outside the European Economic Area - publishing on the world wide web may fall into this 'data transfer' category.

The intention of the Act is not to prevent data processing, but to ensure that it is done fairly and without adverse effect on the individual the data relates to. To this end, the Act lays down specific conditions for processing personal data.

A description of the Principles of the Act and definitions of some of its terms can be found in Appendices A and B of the University Data protection policy.

The University is legally obliged to comply with the provisions of the Data Protection Act. The following notes are for the guidance of staff in the University as to these obligations.

It is not, however, possible to cover every activity that an individual or School/Unit might be involved in.  If in doubt, please contact the University's Data Protection Co-ordinator:


Data Protection Co-ordinator

IT Services
Butts Wynd Building St Andrews Fife
St Andrews
KY16 9AL
Scotland, United Kingdom

Tel: 01334 46 4010/2776