Data Protection Principles

The Data Protection Act defines eight data protection principles:-

1. personal data should be processed in a fair and lawful manner
2. you can only obtain personal data for specified and lawful purposes, for which the individual gives consent. You cannot simply gather lists of people’s personal data 
3. personal data stored must be relevant to and adequate for the purpose you have disclosed
4. personal data must be accurate and kept up to date
5. personal data must not be stored for longer than is necessary for the specified purpose.  Retaining details of people with whom you have had no recent contact, for example, previous volunteers, is an infringement of the law
6. appropriate security must be taken to ensure against unauthorised access
7. personal data must not be transferred abroad unless the country has adequate protection or unless the data subject has given consent to transfer 
8. personal data can only be processed in a way which does not infringe the rights of individuals

Penalties for Breaching the Data Protection Act

Any organisation that breaches the Data Protection Act 1998 by seriously contravening one or more of the data protection principles could face substantial financial penalties under powers afforded to the Information Commissioner's Office.

For more information visit your local support organisation

We are always interested in your views and experience of using the Community Toolkit. If you have any feedback or questions please complete our Feedback Form

The Community Toolkit is owned and maintained by Skye and Lochalsh CVO Conditions of Use
Last Updated 26/03/2013 08:40