data protection principles

The College must comply with the Data Protection Act 1998 and process all personal information in accordance with the following eight Data Protection Principles.

The eight principles of the Data protection Act

When processing personal information data must:

  1. be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met
  2. be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose
  3. be adequate, relevant and not excessive for those purposes
  4. be accurate and kept up to date
  5. not be kept for longer than is necessary for that purpose
  6. be processed in accordance with the data subject's rights
  7. be kept safe from unauthorised access, accidental loss or destruction
  8. not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data

Staff and students of the College, or others who process or use any personal information for the College, must ensure that they follow these principles at all times.