The Data Protection Act contains eight Data Protection Principles. These state that all data must be: Processed fairly and lawfully; Obtained & used only for specified and lawful purposes; Adequate, relevant and not excessive; Accurate, and where necessary, kept up to date; Kept for no longer than necessary; Processed in accordance with the individuals rights (as defined); Kept secure; Transferred only to countries that offer adequate data protection.
The legislation underpinning these principles is extremely complex. It is not suitable for direct devolution to all the staff/managers who may have responsibility for personal data or for quick interpretation by the busy professional. Nor does it, on its own, provide a measure of compliance. Hence the need for supporting products and information.