The document discusses the eight data protection principles under the UK Data Protection Act (DPA) that data controllers must comply with when processing personal data. The principles state that personal data must be processed fairly and lawfully; obtained only for specified lawful purposes; be adequate, relevant and not excessive for those purposes; be accurate and up to date; not be kept for longer than necessary; be processed in accordance with individual rights; be protected by appropriate security measures; and not be transferred outside the EEA without adequate protections. The document also explains that sharing customer data between organizations is allowed under the DPA if appropriate procedures are followed and customers give permission for their data to be used. The customer owns their own data and organizations are responsible for controlling its
The Data Protection Principles
The data protection principles
The DPA requires the Data Controller to comply with eight data protection principles, which are set out in a schedule to the Act. The eight principles are as follows:
Data must be processed fairly and lawfully.
Data must be obtained only for specified lawful purposes and not further processed in a manner which is incompatible with those purposes.
Data must be adequate, relevant and not excessive in relation to the purposes for which it is processed.
Data must be accurate and, where necessary, kept up to date.
Data must not be kept for longer than is necessary.
Data must be processed in accordance with the rights of Data Subjects under the DPA.
Appropriate technical and organisational security measures must be taken to prevent unauthorised or unlawful processing, accidental loss of or destruction or damage to personal data.
Personal data must not be transferred outside the EEA unless the destination country ensures an adequate level of protection for the rights of the data subject in relation to the processing of personal data.
Data sharing overview
The sharing of customer information is permitted in compliance with the Data Protection Act, provided that the appropriate procedures have been followed. It is absolutely the case that venues can share customer data with touring companies (and vice versa) should they wish to, as long as the customer has received the appropriate notifications at the appropriate time, and the relevant permissions have been obtained. Arts organisations appear to discuss the ownership of customer records, but what should be understood is that the customer owns their data, and the law puts them in charge of granting permissions for its usage. No organisation is an owner of the data; each is responsible for controlling the use of the data it has in its customer records in accordance with the customer's wishes and the relevant regulations. The customer is the first party in transactions, and the organisation they are transacting with is the second party; in the case of ticket purchases, the organisation actually selling the ticket and directly receiving the income is the second party. The second party is the Data Controller and must manage the arrangements for data sharing and any practicalities to obtain additional permissions.