Data Protection Principles
The Data Protection Act contains eight principles of good practice with which the University must comply. These are as follows:
Principle 1: Personal data shall be processed fairly and lawfully.
Principle 2: Personal data shall be obtained and processed only for specified and lawful purposes.
Principle 3: Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed, and will not be further processed in any manner incompatible with that purpose or those purposes.
Principle 4: Personal data shall be accurate and, where necessary, kept up-to-date.
Principle 5: Personal data processed for any purpose shall not be kept for longer than is necessary.
Principle 6: Personal data shall be processed in accordance with the rights of data subjects under the Act.
Principle 7: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data.
Principle 8: Personal data shall not be transferred outside the EEA, unless that country ensures an adequate level of protection of the data subjects in relation to the processing of the data.