Introduction

The Data Protection Act 1998 was brought into force on 1 March 2000 and works in two ways. It gives individuals certain rights. It also says those who record and use personal information must be open about how the information is used and must follow the eight principles of 'good information handling'.

Principles

Anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be:

• Processed fairly and lawfully


• Processed for limited purposes


• Adequate, relevant and not excessive


• Accurate and up-to-date


• Not kept longer than necessary


• Processed in accordance with the data subject's rights


• Secure


• Not transferred to countries outside EEA without adequate protection

Subject Access

The Subject Access provisions of the Data Protection Act gives an individual the right to have a copy of any personal data held on them.

Section 7 of the Data Protection Act 1998 states that a "data subject" (the person about whom the personal data refers) is entitled, upon written request, to be informed whether or not personal data is held or processed about them.