The Eight Principals of Data Protection
The eight principles of the Data Protection Act 1998 are
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained only for one or more specified and lawful purposes.
- Personal data shall be adequate, relevant and not excessive.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data must be processed in accordance with the rights of the individual.
- Personal data must be kept secure in order to prevent loss or unauthorised disclosure.
- Personal data shall not be transferred to a country or territory outside the European Economic Area.