• Home
  • Login
  • Welcome to the Staff Intranet
YOU ARE HERE: Skip Navigation LinksEdinburgh Napier Staff Intranet > Service Depts > Governance & Compliance > Governance Services > Data Protection > Data Protection Principles
 

​The Data Protection Principles

 

The GDPR sets out seven principles governing the use of personal information. The main purpose of these principles is to protect the interests of the individuals whose personal data is being processed by the University and they apply to everything we do with personal data, unless an exemption applies.

Image of padlock and PC screen

 

These principles ensure that personal information is:

 

1. Processed fairly, lawfully and transparently

 

2.  Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with these purposes

 

3.  Adequate, relevant and limited

 

4.  Accurate and up to date

 

5.  Kept in a form which permits identification of data subjects for no longer than is necessary

 

6.  Processed in a manner that ensures appropriate security

 

7.  The Controller shall be responsible for and demonstrate accountability

 

The full provisions governing these principles are available in Article 5 of the GDPR

 

Further guidance is available on the UK Information Commissioner's website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/ 

 

UK Information Commissioner's Guidance on Personal Data

There are several steps to determining whether data (electronic or manual) is personal data for the purposes of Data Protection legislation. Guidance can be found on the UK Information Commissioner's website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/ 

 

 

Page last reviewed 29 March 2019

Edinburgh Napier University is a registered Scottish charity.
Registration number SC018373