the Data Protection Act

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

1. processed fairly and lawfully;
2. processed for limited purposes;
3. adequate, relevant and not excessive;
4. accurate and up to date;
5. not kept for longer than is necessary;
6. processed in line with your rights;
7. secure - both from an organisational and technical perspective;
8. not transferred to non-EEA countries without adequate protection.

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

Assess how compliant your organisation is by reviewing each of the eight principles on the left. You should be able to answer "yes" to each question within each principle to be completely compliant with the Act.