The Data Protection Act 2018 (DPA 2018) became law in May 2018. This supersedes the Data Protection Act 1998. The DPA 2018 sets standards which must be satisfied when obtaining, recording, using or disposing of personal data. These are summarised by 6 Data Protection Principles.
Personal Data must be:
- Processed fairly, lawfully and transparent. Data subjects must be fully informed of why your collecting their information, what you are going to do with it and who you may share it with.
- Processed only for specified purposes
- Adequate, relevant and not excessive in relation to the purpose for which it was processed
- Accurate and where necessary kept up to date.
- Kept for no longer than is necessary for the purpose it was processed.
- Processed in a manner that includes taking appropriate security measures as regards risks that arise from processing personal data.