Organisations handling personal information
Under the Data Protection Act 1998 all organisations handling personal information must comply with eight principles. Anyone who processes personal information must make sure that the personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
The Data Protection Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.
The Data Protection Act 1998 and the Freedom of Information Act 2000
The Data Protection Act and the Freedom of Information Act give people rights to see or receive information:
- The Data Protection Act allows you access to see personal information held by all organisations.
- The Freedom of Information Act allows you to see official information held by public authorities.
Does the Data Protection Act apply in all circumstances where an organisation holds personal information?
For more information on:
- Are there any circumstances under the Data Protection Act where an organisation does not have any legal obligations?
- Does the Data Protection Act apply where an organisation holds information relating to businesses; companies or other organisations?
- Can I get a copy of the personal information that an organisation is holding about me?
- How do I get a copy of the personal information that an organisation is holding about me?
- I believe that an organisation holds personal information about me which is inaccurate. What can I do about it?
- Customer complaint
- The Information Commissioner’s Office