The Eight Data Protection Act Principles
The act contains eight “Data Protection Principles”. These specify that personal data must be:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in situ.