Data Protection Act Eight Principles
LO4 :: Understand the Factors to be Considered when Collecting and Processing Data and Storing Data & Information
Personal data must be fairly and lawfully processed
This means that personal data must not be collected by misleading the person into providing it and the data collected can only be used lawfully.
Personal data must be processed for limited purposes
This means that personal data must only be used for the purpose for which it was obtained.
Personal data must be adequate, relevant and not excessive
This means that personal data that is stored should be just enough for the task to be carried out, only relevant for the task, and not include other data.
Personal data must be up to date
This means that the person storing the data has a duty to ensure that any data they hold is accurate and free from errors.
Personal data must not be kept for longer than necessary
This means that data should be destroyed or deleted when it is no longer needed. This should be carried out to ensure that others cannot read or access it.
Personal data must be processed in line with the individuals rights
This principle ensures that the persons data is processed so that their rights are respected.
Personal data must be kept secure
Any stored data must be secure. The Data Protection Act ensures that businesses that hold data must take precautions against its loss, unauthorised access and damage.
Personal data must not be transferred to other countries outside the European Economic Area that do not have adequate data protection
Other countries around the world may not have the same level of data protection as the UK, so the act states that personal data must not be sent to countries with lower levels of data protection than those in the UK.
Print out this Page
Data Protection Act Key Terms