Guide to data protection
The principles of the Data Protection Act in detail
This Guide explains the purpose and effect of each principle, and gives practical examples to illustrate how the principles apply in practice. We hope that, by answering many frequently asked questions about data protection, the Guide will prove a useful source of practical advice to those who have day-to-day responsibility for data protection.
Alternatively, you can download a pdf version of the Guide.
Who has rights and obligations under the Data Protection Act? When do you 'process personal data'?
The eight principles to the Data Protection Act.
What is fair processing? Is it fair to disclose personal data to others? What is a privacy notice?
How should you specify your purpose for obtaining personal data? What if your original purpose changes?
What do information standards mean?
What rights do individuals have in relation to the personal data you hold about them?
Find out how to decide what approach to take to the security of the personal data you hold. What kind of security measures might be appropriate?
Find out if you can send personal data outside the European Economic Area (EEA). What conditions apply to transfers of personal data overseas?
What conditions do you need to satisfy before you can process personal data? What purposes can you process personal data for? How important is it to obtain consent?
What are the exemptions from notification? When can you withhold information from individuals? When can you disclose personal data to third parties?