Eight Principles of Data Protection

There are eight broad rules in the Data Protection Act. These state that Personal Data must be:

• fairly and lawfully processed;
• processed for limited purposes;
• adequate, relevant and not excessive;
• accurate;
• not kept for longer than is necessary;
• processed in line with the Data Subject's rights;
• secure; and
• not transferred to countries without adequate protection.