Data Protection

The General Data Protection Regulations (GDPR) aim to promote high standards in the handling of personal information, and to protect individuals’ rights to privacy as well as provide other rights which puts them in control of their personal data.  There is a strong emphasis on accountability, a Data Controller must evidence how it complies with the principles of the GDPR.

The GDPR applies to anyone processing information about living individuals and they must follow the following data protection principles of good information handling:

Personal data shall be:

a.    Processed lawfully, fairly and in a transparent manner
b.     Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
c.    Adequate relevant and limited to what is necessary
d.    Accurate and, where necessary, kept up to date
e.    Kept for no longer than is necessary
f.     Processed securely and is protected against unauthorised or unlawful processing and against accidental loss, destruction or damage