CHAPTER 5: DATA PROTECTION ACT 1998 (THE ‘DPA’)
The DPA requires any organization that processes personal data to comply with eight enforceable principles of what it identifies as good practice. The eight principles are that personal data must be:
1. fairly and lawfully processed;
2. processed for the specified purposes;
3. adequate, relevant and not excessive;
4. accurate and up-to-date;
5. kept no longer than necessary;
6. processed in accordance with the data subject’s rights;
7. secure (‘appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’); and
8. not transferred to countries that do not provide ...
Get IT Regulatory Compliance in the UK now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.