Data Protection Act 1988 (DPA)
The Data Protection Act (DPA) exists to protect
information about individuals. It has eight Principles. These are that
personal data should be:
- processed fairly and lawfully
- processed for specified purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than necessary
- processed in accordance with your rights
- kept securely
- not transferred to other countries without protection
Everyone has the right to ask what data is being held about them by an
organisation (the "right of access"). You have the right to know why that
data is being held, where the data has come from, and if any automated
decisions are being made about you using this data.
You cannot ask to see data about other people. Other people cannot ask to
see data about you.
When you ask us for
your data we have 40 days to reply.
If you keep data about other people as part of your job then you must
ensure it is kept safe and secure. Paper files should be kept in locked
cabinets, and you should lock your PC when you leave your desk. You should
avoid putting personal data onto memory sticks, disks or laptops.
Find out more