The General Data Processing Regulations (GDPR) and Data Protection Act 2018 gives you certain rights to access data that organisations hold about you. It also says those who record and use personal information must be open about how the information is used and must follow the six principles of ‘good information handling’.
The 6 data protection principles say that an individual's data must be:
- Principle 1 - Lawful, Fair and Transparent
- Principle 2 – Specified, explicit, legitimate
- Principle 3 – Adequate, relevant and Limited to what is Necessary.
- Principle 4 – Accurate, up to date
- Principle 5 – Kept no longer than necessary
- Principle 6 – Processed in a secure manner