The Nine Principles of ‘good information handling’
Article 7 of the Act lists the requirements for processing, where the main purpose of these principles is to
protect the interest of the individuals about whom personal data is processed.
To ensure compliance with the Act, the data controller shall ensure that:
- Personal data is processed fairly and lawfully;
- Personal data is always processed in accordance with good practice;
- Personal data is only collected for specific, explicitly stated and legitimate purposes;
- Personal data is not processed for any purpose that is incompatible with that for which the information is collected;
- Personal data that is processed is adequate and relevant in relation to the purposes of the processing;
- No more personal data is processed than is necessary having regard to the purposes of the processing;
- Personal data that is processed is correct and, if necessary, up to date;
- All reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
- Personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed.