The Data Protection Act 1998

The DBS code of practice requires that all registered bodies must ensure any third parties are aware of the eight Data Protection Principles.

The Data Protection Act controls how personal information is used by organisations,

businesses or the government.

Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

1. used fairly and lawfully;

2. used for limited, specifically stated purposes;

3. used in a way that is adequate, relevant and not excessive;

4. accurate;

5. kept for no longer than is absolutely necessary;

6. handled according to people’s data protection rights;

7. kept safe and secure;

8. not transferred outside the European Economic Area without adequate protection.

Further detailed information on the Data Protection Principles can be found on the

Information Commissioner’s Office website: ICO - Guide to data protection.