Home About UHI Governance Policies and regulations Data Protection The Eight Principles

The Eight Principles

The Principles define how data can be legally processed. ‘Processing’ includes obtaining, recording, holding or storing information and carrying out any operations on the data, including adaptation, alteration, use, disclosure, transfer, erasure, and destruction.
  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be held only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
  4. Personal data shall be accurate and where necessary kept up to date.
  5. Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
  6. Personal data shall be processed in accordance with the rights of data subject under the DPA.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of the data.
  8. Personal data shall not be transferred to a country or a territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

The DPA defines both personal data and sensitive personal data. Data users must ensure that the necessary conditions are satisfied for the processing of personal data and in addition that the extra, more stringent, conditions are satisfied for the processing of sensitive personal data.

The University’s registration number with the Information Commissioners Office is : Z7137095. (Registration Entry Details)

The University's registration certificate.