Skip to content
Open menu Close menu

Data Protection Principles

There are eight principles of good practice. Anyone processing personal information must comply with eight enforceable principles of good information handling practice.

These say that data must be:

  1. fairly and lawfully processed
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate and up to date
  5. not kept longer than necessary
  6. processed in accordance with the individual's rights
  7. secure
  8. not transferred to countries outside European Economic area unless country has adequate protection for the individual

Further information

The Information Commissioner's Office website has more information.