top of page

6.1b: Legislation

Exam Board:


Data Protection Act (2018)

In 2018 the European Union introduced GDPR (General Data Protection Regulation) to protect the privacy of data for people in the EU. The UK matched this by updating the Data Protection Act introduced in 1998 to become the Data Protection Act (2018).

This act protects the data of individuals that is stored on computers and processed by organisations.

How the Data Protection Act works:

Each person who has their data stored is known as a data subject. An employee within an organisation must be appointed as a data controller and it is they who are responsible for registering with the Information Commissioner.


The Information Commissioner is the person in the UK who is responsible for managing several laws, most significantly the Data Protection Act.


When registering with the Information Commissioner, the organisation's data controller must be clear on exactly:

  • What information they are collecting,

  • Why it is being collected,

  • What the data will be used for.

The six principles of the Data Protection Act state that data must be:

1. Collected lawfully and processed fairly.

4. Data must be accurate and up-to-date.

2. Only used for the reasons specified.

Principles of the Data Protection Act (2018)

5. Data must not be stored for longer than necessary,

3. Data must be relevant and not excessive.

6. Data must be stored and processed securely.

Computer Misuse Act (1990)

This act was introduced as computers became cheaper and more common at home and work . The act attempts to stop and punish those who use computers inappropriately. Breaking any of the three principles could result in fines and a jail sentence but only if it can be proved it was done on purpose and not by accident.

The Computer Misuse Act (1990) includes three main principles:​

1. No unauthorised access to data.

Example: Hacking a computer system.

2. No unauthorised access to data that could be used for further illegal activities.

Example: Accessing personal data to use as blackmail or identity theft.

3. No unauthorised modification of data.

Example: Spreading a virus to change data.

Copyright, Designs & Patents Act (1988)

This act makes it a criminal offence to copy work that is not your own without the permission of the creator or the copyright holder. This can refer to text, images, music, videos or software.


Owning the copyright of an image might not prevent others from copying and using it but this act means that the owner can bring legal proceedings in court to those who have stolen their work.


However, it is difficult to trace who has stolen work once it has been uploaded to the internet and copies can easily spread, especially television shows and movies.

This act specifically prohibits the following actions:

  • Making copies of copyrighted material to sell to others.

  • Importing and downloading illegally copied material (except for personal use).

  • Distributing enough copyrighted material to have a noticeable effect on the copyright holder.

  • Possessing equipment used to copy copyrighted material, as part of a business.

Software Licences

A software licence refers to how a user can legally use the software, there are two main types:

Open Source Licence

Source code is the software code written by programmers.

If the software is open source it means that users can view and modify the source code.


Linux, Python and Firefox are examples of open source software.

Programming Console



Because the source code is available to edit, it can be customised to the organisation's needs.

Often shared in the public domain so users can work together to modify, debug and improve a product.

Unwanted features can be removed to make the software run faster.

There are security risks - some editors may add malicious code to the program.

Open source software is often low in price and sometimes free.

It may be difficult to receive support as development is often distributed between people in different locations.

The code may be prone to errors as it may not have been tested fully.

It requires technical skills to be able to adapt source code efficiently and to maintain the code.

Proprietary Licence

Another term for a proprietary licence is closed source because the code is restricted - users are prevented from being able to view or modify the source code.


You buy the right to use the software but you don't actually own it. Microsoft Office, Fortnite and Spotify are examples of closed source software.

Programming Console



The code is well tested and has been professionally developed. Updates will generally be secure.

Users must rely on the company to provide updates and fix issues. This might be infrequent or stop completely.

The company can be held to account if it does not perform as listed in the terms and conditions upon purchase.

Often not free and may be expensive.

Most developers will provide some form of help/support.

Users cannot modify, debug or improve the code for their own benefit.

Monochrome on Transparent.png

Questo's Questions

6.1b - Legislation:

1a. State the 6 principles of the Data Protection Act (2018)[6]

1b. Explain how the Data Protection Act works. In your answer, you should include definitions of a data subject, the data controller and the Data Commissioner[6]

2. Describe the 4 principles of the Computer Misuse Act (1990). [3]

3a. What is the purpose of the Copyright, Designs & Patents Act (1988)[2]

3b. Describe 3 actions that CDPA (1988) prohibits[3]

4a. Describe the difference between an open source and a proprietary licence. [2]

4b. State two benefits and two drawbacks of using software with a:

  • Open source licence [4]

  • Proprietary licence [4]

bottom of page