
Data Protection Requirements


The Data Protection Act requires all organisations which handle personal information to comply with a number of important principles regarding privacy and disclosure. Anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The Act also allows individuals to find out what personal information is held about them by making a subject access request. This covers information held electronically and in some paper records, and includes credit reference details.

The Information Commissioner's Office is responsible for looking after individuals' rights and making sure personal information isn't misused. Complaints are usually dealt with informally, but enforcement action can be taken if this becomes necessary.

The following articles give more information about data protection and its implications for e-commerce:

Data Protection
