General Data Protection Regulations
The Data Protection Act 2018 controls how your personal information is used by organisations and is the UK’s implementation of the EU’s General Data Protection Regulations (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit and legitimate purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or authorised processing, access, loss, destruction or damage
Our Data Protection Policy details our approach to this.
