The data protection act was established in 1998. The eight principles are as follows:
- Personal data should be obtained and processed fairly amnd lawfully
- Personal data can be held only for specified and lawful purposes
- Personal data should be adequate, relevant and not excessive for the required purpose
- Personal data should be accurate and kept up-to-date
- Personal data should not be kept for longer than is necessary
- Data must be processed in accordance with the rights of the data subject
- Appropriate security measures must be taken against unauthorised access
- Personal data cannot be transferred to countries outside the E. U. unless the country has similar legislation to the D.P.A.
The data protection act is designed to do as it states, ensure the safety of personal data. Each principle aims to keep secure data deemed personal.
This includes racial or ethnic origin, political opinions and religious beliefs, among the obvious such as name and address. In some cases, collection
of such material may be required, for example, a Catholic school who only employs Catholics, might wish to know the religious beliefs of new teachers, while
The police force will need to know if new recruits have any previous criminal convictions.