Personal data must be fairly and lawfully processed.
This includes collection of data: personal data must not be collected by deceiving or misleading the person into providing it. The data can only be used lawfully.
Personal data must be processed for limited purposes.
This means data can only be used for the purpose for which it was obtained.
Personal data must be kept accurate and up to date.
Most people worry about this because innacuracies stored by banks and credit companies can cause many difficulties. Most people who ask to see what data is held about them are concerned that companies hold data that is not accurate and wish to have it corrected.
Personal data shouldn't be kept for longer than necessary.
Data should be discarded when it is no longer needed, in a way that no others can access or read it.
Personal data must be processed in line with your rights.
This principle ensures a persons data is processed so that a person's rights are respected.
Personal data must be kept secure.
The Data Protection Act ensures that people who hold data take all technical and organisational precautions against its loss, unauthorised access and damage.
Personal data must not be tranferred to other countries outside of the Europen Economic Area that do not have adequate data protection.