The Eight Data Protection Principles

The Eight Data Protection Principles are central to the Act and are intended to protect the rights of the individuals about whom Personal Data are processed. The data protection principles set out good practice and by complying with the principles businesses(data controllers) will protect their own interests as well as those of Data Subjects.

All data controllers, even those exempt from the requirement to notify, must comply with the data protection principles.

In summary the eight data protection principles are:

The Data Protection Principles
Personal data must be
1. Used fairly and lawfully
2. Used for specific and lawful purposes, in a manner that is compatible with those purposes
3. Adequate, relevant and not excessive
4. Accurate and where necessary kept up to date
5. Kept for no longer than necessary
6. Used in accordance with the rights of individuals under the Act
7. Kept secure to avoid unauthorised or unlawful use, accidental loss, or damage
Personal data must not* be*
8. Transferred to another country unless that country has an adequate level of protection.

It is recommended that a Data Controller should consider the development of policies and Codes of Practice to ensure compliance with the Principles.

The Office of the Data Protection Supervisor is happy to assist any organisation which wishes to develop policies or Codes of Practices.

Material on the Data Protection Supervisor's site is independent of that hosted by the Isle of Man Government and is protected by copyright. The copyright owner is the Isle of Man Data Protection Supervisor. You may not make alterations or additions to the material on this site, or sell it or misappropriate it. Material may be downloaded or copied for personal use. However, appropriate acknowledgement of the copyright owner is required if material is re-published in any format.

O.D.P.S.

The Eight Data Protection Principles