Data Protection Act

The Data Protection Act (DPA) 1998 applies to any organisations which hold and process personal information. The act is designed to protect against the misuse of personal data.

There are 8 Data Protection Principles, which exist to ensure that personal information is:

  1. Fairly and lawfully processed
  2. Obtained and processed for one or more specific purposes
  3. Adequate, relevant and not excessive in relation to those purpose(s)
  4. Accurate, and where necessary kept up to date
  5. Not kept longer than necessary
  6. Processed in accordance with the data subject's rights
  7. Secure against unauthorised and unlawful processing and accidental loss or destruction
  8. Not transferred to countries without adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data.

The Act requires that we notify the Information Commissioner about what personal information we hold, what purposes we use it for, who we get it from and who we give it to.

The Act also makes provision for individuals to access personal data held about them in any format and to challenge the validity and use of that personal information.

To submit a request we require, in writing, full details with two forms of identification and a statutory fee of £10. Once received we will issue a response within 40 days.