The eight principles of data protection and shredding | Shredding.info





1. Personal information must be fairly and lawfully processed

If your business collects personal data, it’s imperative to ensure that the information is processed in a fair and lawful manner. This means having legitimate grounds for collecting data and not using it in any way that may have unjustified adverse effects on the individual.

2. Personal information must be processed for limited purposes

As an organisation, you must be open about how you plan to use personal data, and those uses must be within reasonable expectations. Complying with the Data Protection Act (1998) also means that you have a duty to provide privacy notices to individuals when collecting their data.

3. Personal information must be relevant and not excessive

This principle is also known as data minimisation. Ultimately, it means that you must identify the minimum amount of data necessary to properly fulfil your task and not hold any more information than needed.

4. Personal information must be accurate and up to date

To ensure the accuracy of information, consider the source of the data. Is it obtained from a third party, or entered by the individual personally? It’s also important to remember that if the purpose of using the information relies on it remaining current, it should be kept up to date.

5. Personal information must not be kept for longer than is necessary

Declutter. Although the Data Protection Act doesn’t set out specific rules for retaining personal data, it does advise that it shouldn’t be kept for longer than necessary. In practical terms, this means that the length of time data is kept should be reviewed, and any data that is destroyed should be destroyed in a secure manner.

6. Personal information must be processed in line with the data subject’s rights

This principle refers to the rights of the individuals providing their personal data, including their right of access to a copy of the information. Individuals also have a right to prevent processing for direct marketing.

It’s worth keeping in mind that individuals are also able to claim compensation for damages caused by a breach of the Data Protection Act.

7. Personal information must be secure

Unfortunately, when data ends up in the wrong hands, it can be extremely valuable. Security surrounding personal data should be a top priority for companies, as a careless error could lead to financial and reputational damage. Companies should make sure that security is designed around the nature of the personal data. It should be clear within your organisation who is responsible for the security of information.

8. Personal information must not be transferred to other countries without adequate protection

Don’t allow data to travel outside of the European Economic Area (EEA) unless the country provides an adequate level of protection for the rights and freedoms of data subjects. If you do transfer sensitive and personal data outside of the EEA, make sure you are complying with other country-specific data protection principles.

At Restore Datashred, we understand the importance of safeguarding the vast amount of personal data, which is often a necessity in the modern business landscape. Talk to us about our document shredding services today.
