·
Processed fairly and lawfully.
·
Processed only for one or more specified and
lawful purpose.
·
Adequate, relevant and not excessive for those
purposes.
·
Accurate and kept up to date - data subjects
have the right to have inaccurate personal data corrected or destroyed if the
personal information is inaccurate to any matter of fact.
·
Kept for no longer than is necessary for the
purposes it is being processed.
·
Processed in line with the rights of individuals
- this includes the right to be informed of all the information held about
them, to prevent processing of their personal information for marketing
purposes, and to compensation if they can prove they have been damaged by a
data controller's non-compliance with the Act.
·
Secured against accidental loss, destruction or
damage and against unauthorised or unlawful processing - this applies to you
even if your business uses a third party to process personal information on
your behalf.
·
Not transferred to countries outside the
European Economic Area - the EU plus Norway, Iceland and Liechtenstein - that
do not have adequate protection for individuals' personal information, unless a
condition from Schedule four of the Act can be met.
No comments:
Post a Comment