Data Protection Act 1988 (DPA)

The Data Protection Act (DPA) exists to protect information about individuals. It has eight Principles. These are that personal data should be:

  1. processed fairly and lawfully
  2. processed for specified purposes
  3. adequate, relevant and not excessive
  4. accurate and up to date
  5. not kept for longer than necessary
  6. processed in accordance with your rights
  7. kept securely
  8. not transferred to other countries without protection

Everyone has the right to ask what data is being held about them by an organisation (the "right of access"). You have the right to know why that data is being held, where the data has come from, and if any automated decisions are being made about you using this data.

You cannot ask to see data about other people. Other people cannot ask to see data about you.

When you ask us for your data we have 40 days to reply.

If you keep data about other people as part of your job then you must ensure it is kept safe and secure. Paper files should be kept in locked cabinets, and you should lock your PC when you leave your desk. You should avoid putting personal data onto memory sticks, disks or laptops.

Find out more