Data Protection Principles
The Data Protection Act 2018 and the EU General Data Protection Regulation establishes six principles which organisations such as the Council are required to adopt. These principles help ensure personal information is treated responsibly and with regard to the rights of individuals.
The principles can be summarised as:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.