The Principles

Anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be:

  • Processed fairly and lawfully 
  • Processed for limited purposes 
  • Adequate, relevant and not excessive
  • Accurate and up-to-date 
  • Not kept longer than necessary 
  • Processed in accordance with the data subject's rights 
  • Secure 
  • Not transferred to countries outside EEA without adequate protection