- Data Protection Act
- 1) Data must not be processed unless there is a specific lawful reason to do so.
- 2) Data can only be obtained and used for specific purposes.
- 3) Data should be adequate, relevant and not excessive for the specific use.
- 4) Data must be accurate and kept up to date.
- 5) Data shouldn't be kept longer than necessary.
- 6) Data processing should meet legal rights
- 7) Data holders must protect the data against loss or theft
- 8) Data should not be transfered abroad, except to other EU countries.