data’. It came into force on 1 March 2000. It covers computer and manual records.
The Act contains the following principles. Personal Data (shall)/(shall not) be
- Processed fairly and lawfully, and not be processed unless certain conditions are met
- Obtained for specified and lawful purposes and not be further processed in any manner incompatible with those purposes.
- Adequate, relevant and not excessive in relation to the purpose for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept for longer than is necessary for its purpose.
- Processed in accordance with the rights of data subjects under the Act.
- Appropriate measures shall be taken against unauthorised or unlawful processing of personal data.
- Transferred to a country outside the EEA unless that country has an adequate level of protection for the rights and freedoms of data subjects.
- Right of ACCESS - max fee of £10
- Right to PREVENT processing if likely to cause distress or damage.
- Right to prevent processing for MARKETING
- Right in relation to AUTOMATED decision
- Right to COMPENSATION
- Rectification, blocking, erasure and destruction
- Request for ASSESSMENT
