Anyone processing personal data must comply with the eight enforceable principles
of good practice. They say that data must be:
- fairly and lawfully
processed;
- processed for limited purposes and not in any manner incompatible with
those purposes;
- adequate, relevant and not excessive;
- accurate;
- not kept for longer than is necessary;
- processed in line with
the data subject's rights;
- secure;
- not transferred to countries
without adequate protection.
Personal data covers both facts and opinions
about the individual. It also includes information regarding the intentions of the data controller towards
the individual.
