8 Data Protection Principles
There are eight principles put in place by the Data Protection Act 1998 to make sure that your information is handled properly.
They say that data must be:
1. fairly and lawfully processed;
2. processed for limited purposes;
3. adequate, relevant and not excessive;
5. not kept for longer than is necessary;
6. processed in line with your rights;
7. secure; and,
8. not transferred to countries without adequate protection.
By law, The Robert Gordon University (a "Data Controller") must keep to these principles in its processing of personal data.
Principle 1. Schedule 2 Conditions
In Principle 1, in processing fairly and lawfully, data controllers (for example, The Robert Gordon University) must comply with one of the following six Schedule 2 Conditions outlined in the Data Protection Act:
1. Consent has been received from the data subject; or
2. Processing is necessary for performance of a contract with the data subject; or
3. Processing is necessary for legal compliance; or
4. To protect the vital interests of data subjects; or
5. For administration of justice; or
6. For the legitimate interests of the data controller, in this case, The Robert Gordon University.
Last updated 30.07.08 (ALM)