Everyone responsible for using personal data has to follow strict rules called ‘data protection principles. They must make sure the information is:
- Used fairly, lawfully and transparently;
- Used for specified, explicit purposes;
- Used in a way that is adequate, relevant and limited to only what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept for no longer than is necessary;
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
There is stronger legal protection for more sensitive information, such as:
- Ethnic background;
- Political opinions;
- Religious beliefs;
- Trade union membership;
- Genetics;biometrics (where used for identification);
- Sex life or orientation.
There are separate safeguards for personal data relating to criminal convictions and offences.