Skip Ribbon Commands
Skip to main content
Data Protection Office
Data Protection Office>The Law>Data Protection Principles

Data Protection Principles

Principle of lawfulness and fairness

Personal data shall be processed fairly and lawfully.
Principle of purpose specification

Personal data shall be obtained only for any specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose.
Principle of adequacy and relevance

Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed.
Principle of accuracy

Personal data shall be accurate and, where necessary, kept up to date.
Principle of time limitation

Personal data processed for any purpose shall not be kept longer than is necessary for that purpose or those purposes.
Principle of respect for privacy rights

Personal data shall be processed in accordance with the rights of the data subjects under the DPA.
Principle of security

Appropriate security and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Principle of control over transborder data flows

Personal data shall not be transferred to another country, unless that country ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.