The Data Protection Principles
The Data Protection Act sets out eight principles governing the use of personal information. The main purpose of these principles is to protect the interests of the individuals whose personal data is being processed by the University and they apply to everything we do with personal data, unless an exemption applies.
These principles ensure that personal information is:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with individuals’ rights
7. Kept secure
8. Not transferred to other countries without adequate protection
The full provisions governing these principles are available in: Schedule 1 part 2 of the Data Protection Act
Further guidance is available in the University’s Data Protection Code of Practice.