|
There are eight main principles governing the processing of personal data under The Data Protection Act 1998.
Personal data shall:
-
be processed fairly and lawfully
-
obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes
-
be adequate, relevant and not excessive in relation to the purposes for which it is processed
-
be accurate and, where necessary, kept up to date
-
be kept for no longer than is necessary for the purposes for which it is processed
-
be processed in accordance with the rights of data subjects under the Act
-
be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage
-
not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection
The Information Commissioner's Website has information on the Act and guidance on the duties it has created.
|
