The DPA
The Data Protection Act sets out principles for how an organisation (a Data Controller) should handle the personal information of people it deals with and how members of the public (Data Subjects) can access information about them and determine how that information is used.
The Act protects the interests of Data Subjects by stating that Data Controllers must comply with eight principles, making sure that the information being processed is:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.
The Act also gives Data Subjects important rights, including the right to know what information is held about them and to have that information corrected where it is wrong. Data Subjects can claim compensation through the courts if a Data Controller breaches the Act and the breach causes them damage (e.g. financial loss).
Assess how compliant your organisation is by reviewing each of the eight principles listed above. You should be able to answer "yes" to each question within each principle to be completely compliant with the Act, although don't worry if you can't, as very few can without careful planning.
