The Data Protection Principles
The Data Protection Act sets out eight principles governing the use of personal information. The main purpose of these principles is to protect the interests of the individuals whose personal data is being processed by the University and they apply to everything we do with personal data, unless an exemption applies.
These principles ensure that personal information is:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with individuals' rights
7. Kept secure
8. Not transferred to other countries without adequate protection
The full provisions governing these principles are available in: Schedule 1 part 2 of the Data Protection Act
Further guidance is available in the University's Data Protection Code of Practice.
UK Information Commissioner's Guidance on Personal Data
There are several steps to determining whether data (electronic or manual) is personal data for the purposes of the Data Protection Act. This extract from the UK Information Commissioner's Data Protection Technical Guidance: Determining what is personal data helps explain and illustrate the Information Commissioner's guidance on what is personal data.
The full version, including references, is available on the Information Commissioner's website.
Download the UK Information Commissioner's Guidance on Personal Data