The Data Protection Act 1998 aims to promote high standards in the handling of personal information, and to protect the individual's right to privacy.
The DPA applies to anyone holding information about living individuals in electronic format and in some cases on paper. They must follow the eight data protection principles of good information handling.
Personal information must be:
- Fairly and lawfully processed
- Processed for specified purposes
- Adequate, relevant and not excessive
- Accurate, and where necessary, kept up to date
- Not kept for longer than is necessary
- Processed in line with the rights of the individual
- Kept secure
- Not transferred to countries outside the European Economic Area unless there is adequate protection for the information.