Fairly and Lawfully processed - Data subjects
should be told who will be processing their data
and why. The data should not be used for illegal
purpose.
Processed for limited purposes - Organisations must only
use the data for the specific reasons that were stated when it
was collected.
Adequate, relevant and not excessive - Irrelevant
information must not be collected.
Accurate and up-to-date - Organisations must ensure data
is correct and if it isn't they must change it.
Not kept for longer than is necessary -
Data that is no longer needed must be
deleted.
Processed in line with your rights - If you change
your mind about the organisation using your data it
must comply
Secure - Data should not be made available to
unauthorised users, this includes data stored on
laptops and storage disks.
Not transferred to other countries without
adequate protection - Data should not be
transferred to other countries, unless they
have similar levels of data protection to the
UK. All countries in the European Union
(EU) have this level of protection so data
can be lawfully transferred within the EU.