The Eight Principals of Data Protection

The eight principles of the Data Protection Act 1998 are

1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data must be processed in accordance with the rights of the individual.
7. Personal data must be kept secure in order to prevent loss or unauthorised disclosure.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area.