The main principles of the Data Protection Act are fair and lawful processing of personal data; privacy of personal data except for legal reasons; adequacy of personal data; accuracy of data; limitation of personal data retention to necessity; preserving rights of data subjects; measures against unauthorized processing or damage of personal data; and a ban on transferring personal data outside the European Economic Area unless equal protection is promised, states ICO.org.UK. Each principle ensures fair and lawful personal data processing.Continue Reading
Section six of the act promises certain individual rights related to personal data. These rights are the right to a copy of personal data information, the right to object to potentially damaging processing of personal data, the right to object to marketing using personal data, the right to object to automated processing of data, the right to fix or erase inaccurate personal data, and the right to claim compensation for any breaches of these rights.
The third protection principle promises adequacy of personal data. This means that personal data only needs to be held to the extent that it is relevant to the purposes it is held for, and that no more information should be held than necessary. The exact wording, according to ICO.org.UK, is "adequate, relevant, and not excessive," although these words are not further defined.Learn more about Foreign Laws