Data Protection principals and legislation exists to ensure that personal information about a person is not communicated or processed without the consent and knowledge of the person to whom that information relates.
In a world that has seen information technology take control and precedence over nearly all sectors of industry it is important (and indeed the 1998 Data Protection Act was crucial) in trying to regulate use of information and protect the data subject.
In attempting to do just this the Act imposed 8 data protection principles. They are as follows:
- Personal data should be processed fairly and lawfully
- data shall only be obtained for one or more specified and lawful purpose
- data shall be adequate, relevant and not excessive
- data shall be accurate
- data shall not be kept longer than necessary
- data shall be processed in accordance with the rights of the data subject
- appropriate measures shall be taken to ensure that data remains private
- data shall not be transferred outside European Economic Area.
It is important than any business or data handler is aware of the above and implements the same.