Home For AAT student members AQ 2013 AAT Level 2 (Level 5 in Scotland)

Data Protection Act

J.BrookesJ.Brookes New MemberRegistered Posts: 10
Last week I given 3 sheets about the data protection act to read, and then given some homework. In this Scenario, an assistant has left me some notes, of some requests off different people like

- The Managing Director had asked for a breakdown of all staff payments
- The Marketing Manager wanted the names and addresses of all members of staff to sell to a mailshot company
- The Marketing Manager said that if you let him have the password he would get the information himself
- Another member of the workforce wanted to know what tax code he had been given on the payroll system.

I am to write a Memo to my assistant which clearly states what action should be taken in each case and why. Reference should be made to any relevant current legislation.

The 3 sheets I have recieved do not give enough information about the DPA, and for example the first query from the Managing director does not state for what he wants the information. And as nobody has actually committed an offence as far as I know, how should I know what action should be taken?

I have been on the website where I could see the whole DPA, and I can't get my head around it. (probably because my english is a bit rusty from living abroad -.-)

Could somebody plz give me some advice as how I could go about solving this.


p.s. I don't want answers, I just would like to know how to go about this exercise.


  • blobbyhblobbyh Font Of All Knowledge Registered Posts: 2,415
    Are you aware of the basics of the DPA? If not, then they can be found here:


    As you're only after guidance and want to answer the questions yourself, start by looking at the four requests for information you've been given and try to see if they breach the basics of the DPA and if so, which parts?

    For the MD requesting salary information, this is usually a legitimate request and unlikely to breach any part of the Act as it's presumably for his own strategical use. In contrast, the selling of confidential employee information to a third party by the Marketing Manager clearly has issues but can you say what they are?

    Answer each request in turn - a simple paragraph should do - highlighting where (or not) it may come into conflict with relevant parts of the DPA. I'd say two of the requests are legit, two aren't but you'll need to clearly state whether the request has been granted or withheld while providing suitable reasons for all.
  • J.BrookesJ.Brookes New Member Registered Posts: 10
    Thank you very much for this helpful answer. I will follow your advice , also with the other parts of the exercise and see how I get on.
Sign In or Register to comment.