Data Protection

The Data Protection Act 1998 UK aims to promote high standards in the handling of personal information and so protect the individual’s right to privacy. The Data Protection Act 1998 applies to firms holding information about living individuals in electronic format and, in some cases, on paper. They must follow the eight data protection principles of good information handling.

These data protection principles say that personal information must be:
*	fairly and lawfully processed;
*	processed for specified purposes;
*	adequate, relevant and not excessive;
*	accurate and, where necessary, kept up to date;
*	not kept for longer than is necessary;
*	processed in line with the rights of the individual;
*	kept secure; and
*	not transferred to countries outside the European Economic Area unless the information is adequately protected.

The Data Protection Act 1998 covers any information that relates to living individuals which is held on computer or structured manual files. For example, this may include information such as name, address, date of birth and opinions about the individual or any other information from which the individual can be identified.

The processing of personal information, so far as the Data Protection Act is concerned, includes obtaining, disclosing, recording, holding, using, erasing or destroying personal information.

Back to Accreditation Page