|
United Kingdom
Approved in July 1998, the United Kingdom's Data Protection Act came into force on March 1, 2000. It applies to personal data, which includes both facts and opinions about an individual, as well as information regarding the intentions of the data controller toward the individual.
Government agencies and private entities processing personal data must comply with the principles of good practice. The Act sets out eight Data Protection Principles. They require that personal data be processed fairly and lawfully, obtained only for one or more specified and lawful purposes, and not be further processed in any manner incompatible with those purposes. They also require that personal data be adequate, relevant, not excessive in relation to the purposes for which they are processed, accurate, kept up-to-date, and retained only as long as necessary for the stated purposes.
In addition, personal data must be processed in accordance with the rights of data subjects under the Act, and appropriate technical and organizational measures must be taken against unauthorized or unlawful processing, accidental loss, destruction or damage. Furthermore, personal data may not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of subjects in relation to the processing of personal data.
|