The Data Protection Principles are the backbone of the Act and are the fundamental rules to adhere to ensure good data Protection practice. Survive is committed to the importance of data protection to our service users and is legally accountable for any failure to comply with the Data Protection Act 1998.
The basic principles of the Data Protection Act are listed as follows:
1. Personal data shall be processed fairly and lawfully.
When asking people for information, don’t mislead them about why you require it, how the information will be used and who will have access to it.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal information can only be held for the reasons given on the registration and can only be used or given out to other people for the reasons given in the registration.
4. Personal data shall be accurate and where necessary kept up to date.
Information held must be correct.
5. personal data processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes.
Once the period for the purpose has expired the information should be discarded.
6. Personal data shall be processed in accordance with the rights of data subject under this Act.
An individual shall be entitled:
a) At reasonable intervals and without undue delay:
i. To be informed by any data controller (the Organisation)whether it holds personal data of which that individual is the subject, and
ii. To have access to any such data held by the Organisation, and
b) Where appropriate, to have such data corrected or erased.
People have the right to see the information we hold about them. If it contains information that is wrong they have the right to have it corrected or deleted.
7. Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data.
It is important that personal information does not get into the hands of unauthorised people and that care is taken to prevent any accidental loss or destruction.
8. Personal data shall not be transferred to a country or territory outside the European Economic area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
It is important that personal information doesn’t get into the hands of unauthorised people, and in to countries or organisations that do not have as stringent privacy policies as we do within the EEA.
Find out more about data protection here