
Data Protection Act

The Data Protection Act lays out eight principles:

First principle

“Personal data shall be processed fairly and lawfully.”

Second principle

“Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.”

Third principle

“Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed.”

  • Must hold the minimum amount of information which enables the task to be performed
  • Not acceptable to hold information on the basis it will be useful in the future
  • Must regularly review the information held, as what was once adequate may no longer be adequate and may in fact be excessive

Fourth principle

“Personal data shall be accurate and, where necessary, kept up-to-date.”

  • There will not be a breach if you can show you have taken “reasonable steps” to ensure accuracy

Fifth principle

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.”

  • Some data must be kept for a period of time, for example:
      • In accordance with Police and Criminal Evidence Act 1984
      • CCTV code of conduct on recorded material
      • Historical reasons
      • Legal reasons (PI claims can be made three years after an accident)
      • Employment references

Sixth principle

“Personal data shall be processed in accordance with the rights of data subjects under this act.”

  • You will not be in breach of this principle provided you comply with certain notices regarding the right to prevent processing likely to cause damage or distress and the right to prevent processing for purposes of direct marketing, and you do not fail to treat a data request in accordance with the rights of the data subject

Seventh principle

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

  • Must consider the damage which will result from a breach of security (e.g. contractual negotiations) and the nature of the data to be protected (sensitive personal data)

Eighth principle

“Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.”

  • The European Economic Area consists of 15 EC member states and Iceland, Liechtenstein and Norway
  • If in doubt, do not release without the express permission of the data subject, and ensure that it is in writing
  • An exception to the principle is similar to Schedule 3, i.e. necessary, or subject to a contract, or for reasons of substantial public interest, to obtain legal advice or to defend legal rights