The Eight Data Protection Principles

These principles provide a useful shorthand to the Data Protection Act's scope. The data should be:

  1. Processed fairly and lawfully.
  2. Processed for limited specified, lawful purposes.
  3. Adequate, relevant and not excessive.
  4. Accurate and kept up to date.
  5. Not kept for longer than is necessary.
  6. Processed in line with the individual’s rights.
  7. Secure from unauthorised or unlawful access and accidental loss.
  8. Not transferred outside the EU to areas without adequate regulation.