Data Protection Act 1998

Your rights under the Act

The Data Protection Act 1998 came into force on March 1 2000. The Act gives legal rights to individuals in respect of personal data held about them by others.

Under the Act, personal data must be processed following the Data Protection Principles so that data are:

1. processed fairly and lawfully and only if certain conditions are met
2. obtained for specified and lawful purposes
3. adequate, relevant and not excessive
4. accurate and where necessary kept up-to-date
5. not be kept for longer than necessary
6. processed in accordance with the rights of data subjects
7. kept secure
8. not be transferred abroad unless to countries with adequate data protection laws

You are entitled to have access to information held about you, except where releasing that information would breach another person's privacy. You also have rights including rights to prevent processing likely to cause unwarrented damage or distress and to prevent processing for the purposes of direct marketing.

To exercise your rights under the Data Protection Act, you should contact the University Data Protection Officer.