Comply with data protection legislation
The eight principles
The Data Protection Act 1998 sets out eight rules that data controllers must follow when protecting personal information. These are known as the eight principles.
Personal data must be:
- Processed fairly and lawfully.
- Processed only for one or more specified and lawful purposes.
- Adequate, relevant and not excessive for those purposes.
- Accurate and kept up to date. Data subjects have the right to have inaccurate personal data corrected or destroyed if the personal information is inaccurate as to any matter of fact.
- Kept for no longer than is necessary for the purposes for which it is being processed.
- Processed in line with the rights of individuals. This includes the right to be informed of all the information held about them, the right to prevent processing of their personal information for marketing purposes, and the right to compensation if they can prove they have been damaged by a data controller's non-compliance with the Act.
- Secured against accidental loss, destruction or damage and against unauthorised or unlawful processing. This applies to you even if your business uses a third party to process personal information on your behalf.
- Not transferred to countries outside the European Economic Area (the EU plus Norway, Iceland and Liechtenstein) that do not have adequate protection for individuals' personal information, unless a condition from Schedule 4 of the Act can be met.
If a data controller's processing of personal information does not comply with the principles, the Information Commissioner can take enforcement action against that data controller.
Download compliance advice for small businesses from the Information Commissioner website (PDF).
Source - Business Link; Crown Copyright.