Data Protection
The Data Protection Act 1998 was brought into force on 1 March 2000. The Act gives individuals certain rights in relation to accessing personal data. It also ensures that those who record and use personal information must be open about how the information is used and must follow the eight principles of "good information handling":
- Processed fairly and lawfully
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up-to-date
- Not kept longer than necessary
- Processed in accordance with the data subject's rights
- Secure
- Not transferred to countries outside European Economic Area (EEA) without adequate protection.
SPSA's Data Protection Policy and Procedures fully comply with the Data Protection Act 1998.