Data Protection Act
The Data Protection Act is a law that controls how your personal information is used by organisations, businesses or the Government.
In the UK, it is the implementation of the European Union’s General Data Protection Regulation (GDPR).
Data Protection Act key principles
- You must have valid grounds (a lawful basis) for collecting and using personal data
- You must be clear and honest about how you will use the personal data
- You must use personal data in a way that is fair to the individuals concerned
- You must ensure personal data is:
- Adequate (to fulfil the stated purpose)
- Relevant (to the stated purpose)
- Limited to what is necessary
- You must ensure reasonable steps are taken to keep data accurate and updated
- You must not keep personal data for longer than you need it
- You must have appropriate security measures in place to protect the personal data that you hold
Data protection laws are designed to protect our personal data, regardless as to whether it is stored on a computer system or paper.