The data protection principles
There are eight data protection principles that are central to the Act. The Company and all its employees must comply with these principles at all times in its information-handling practices. In brief, the principles say that personal data must be:
1. Processed fairly and lawfully and must not be processed unless certain conditions are met in relation to personal data and additional conditions are met in relation to sensitive personal data. The conditions are either that the employee has given consent to the processing, or the processing is necessary for the various purposes set out in the Act. Sensitive personal data may only be processed with the explicit consent of the employee and consists of information relating to:
race or ethnic origin
political opinions and trade union membership
religious or other beliefs
physical or mental health or condition
criminal offences, both committed and alleged.
2. Obtained only for one or more specified and lawful purposes, and not processed in a manner incompatible with those purposes.
3. Adequate, relevant and not excessive. The Company will review personnel files on an annual basis to ensure they do not contain a backlog of out-of-date information and to check there is sound business reason requiring information to continue to be held.
4. Accurate and kept up-to-date. If your personal information changes, for example you change address, you must inform your line manager as soon as practicable so that the Company’s records can be updated. The Company cannot be held responsible for any errors unless you have notified the Company of the relevant change.
5. Not kept for longer than is necessary. The Company will keep personnel files for no longer than six years after termination of employment. Different categories of data will be retained for different time periods, depending on legal, operational and financial requirements. Any data which the...
Please join StudyMode to read the full document