Data protection principles

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is: 

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records. 

Subject rights

The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store or collect personal data.

The person who has their data processed has the right to: 

• View the data an organisation holds on them, for a small fee, known as 'subject access'
• Request that incorrect information be corrected. If the company ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded.
• Require that data is not used in a way which causes damage or distress.
• Require that their data is not used for direct marketing.

For more information on the DPA please visit: http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1