Data protection principles under the DPA 1998 [Archived]
Produced in partnership with Pillsbury Winthrop Shaw Pittman LLP
Data protection principles under the DPA 1998 [Archived]

The following Information Law practice note Produced in partnership with Pillsbury Winthrop Shaw Pittman LLP provides comprehensive and up to date legal information covering:

  • Data protection principles under the DPA 1998 [Archived]
  • Principle 1: Personal data must be processed fairly and lawfully
  • Fair processing
  • Lawful processing
  • Conditions for processing
  • Principle 2: Personal data must be obtained only for specified and lawful purposes
  • Using personal data for a new purpose
  • Principle 3: Personal data must be adequate, relevant and not excessive
  • Principle 4: Personal data must be accurate and kept up to date
  • Accuracy of opinions
  • More...

ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.

Under the DPA 1998 data controllers that handle personal data must comply with the following eight principles:

  1. Principle 1: personal data must be processed fairly and lawfully

  2. Principle 2: personal data must be obtained only for specified and lawful purposes

  3. Principle 3: personal data must be adequate, relevant and not excessive

  4. Principle 4: personal data must be accurate and kept up to date

  5. Principle 5: personal data must not be kept for longer than necessary

  6. Principle 6: personal data must be processed in accordance with the rights of data subjects

  7. Principle 7: there must be measures against unauthorised or unlawful processing of personal data

  8. Principle 8: there must be adequate protection for personal data transferred outside the EEA

Other laws applicable to the information in question must also be observed. For example, a former employee’s use of confidential customer records to set up a competing business is prohibited by the DPA 1998 as unlawful processing, and may also infringe post-termination provisions in his employment contract.

For an explanation of key terms mentioned in this note, see Practice Note: Key definitions under the DPA 1998.

For a comprehensive introduction

Popular documents