We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Information Security

Data Protection Policy

Why do you need to know about this?

The Data Protection Act (1998) protects personal information about individuals, governing how this information can be processed and the rights of an individual to access their personal information. If you are handling information that comes under the aegis of the Act, you need to be sure that you are handling it appropriately and understand what to do if someone makes a request to access their own, or someone else's, personal information.

What do you need to do?


  • Process personal data fairly and lawfully
  • Only obtain and process personal information for the purpose that you originally specified
  • Only collect and store the amount of information you need to carry out your task
  • Ensure that personal data you keep is accurate and kept up-to-date
  • Process personal data in accordance with the rights of data subjects as outlined in the Data Protection Act
  • Make sure that appropriate technical measures are taken to protect personal data and that it is not accidentally damaged or destroyed


  • Do anything that breaches any of the principles of Data Protection
  • Transfer personal data outside of the EEA, unless the destination country ensures adequate protection
  • Keep personal information for any longer than you need it

Where to next?

Got a question about the DPA? Visit our FAQs.