Data Protection principles

University staff and students processing personal information as part of their employment or studies must comply with the Act's eight principles. These require that personal data shall:

  1. be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met;
  2. be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
  3. be adequate, relevant and not excessive for those purposes;
  4. be accurate and kept up-to-date;
  5. not be kept for longer than is necessary (NB the retention of data solely for historical or statistical research, where the results of the research are anonymised and conditions are met, is allowed under section 33 of the Act);
  6. be processed in accordance with the data subject's rights (including the right of subject access);
  7. be kept safe from unauthorised access, accidental loss or destruction;
  8. not be transferred to a country outside the EEA (the EU member states, plus Norway, Iceland and Liechtenstein), unless that country has adequate levels of protection for personal data.

Further guidance on the eight principles can be found by following the specific links above and from the

 

 

null

null