What are our legal obligations under the DPA?

What does the Act say we must do?

The Act protects personal data in two ways:

These principles state that all personal data must be:

  1. fairly and lawfully processed
  2. processed for specified and lawful (i.e. limited) purposes
  3. adequate, relevant and not excessive
  4. accurate and up to date
  5. kept for no longer than is necessary
  6. processed in accordance with the individual's rights
  7. kept securely
  8. transferred to countries outside the European Economic Area only with adequate protection.