Zusammenfassung der Ressource
Data Protection Act 1998
- The Data Protection Act has
eight key principles that state
how data (information) should
be kept and handled:
- 1
- Processed
FAIRLY and
LAWFULLY
- Personal information:
- Should NOT be collected and
used without PERMISSION
- Should only be used on a
'need-to-know' basis
- 2
- Used ONLY
for purposes
for which it
was
INTENDED
- Personal information:
- Should be held for a clear
purpose
- Should only be used for the
purpose held
- 3
- ADEQUATE
and
RELEVANT
but not
EXCESSIVE
- Practitioners should:
- Only collect and use
information that is needed
- Not collect unnecessary
information
- 4
- ACCURATE
and kept UP
TO DATE
- Inaccurate/incorrect data should
be destroyed or corrected
- Staff has the responsibility to
ensure information is correct
- Systems should be in place for
checking accuracy
- 5
- Kept for NO
LONGER than
is necessary
- Information should be DELETED or
DESTROYED when no longer needed
- Sensitive or personal data should
be SECURELY deleted or shredded
- 6
- PROCESSSED
in line with
the RIGHTS of
the individual
- People have the right to:
- Know what information is held about them
- Know how their information is being used
- Have any errors corrected
- Prevent any data being used for
advertising or marketing
- 7
- SECURED
- AUTHORISATION
- Non-authorised staff/people should not be
allowed to access information
- Information should be kept in SECURE
conditions
- There should be clear guidelines on who
can have access
- 8
- NOT transferred
to countries
outside the
European
economic area
- European Economic area
- Information should only be transferred
outside the European economic area with
permission
- Other countries might not have the same
data protection legislation
- Data might not be secure