Data Protection Guidance

The Principles of Data Protection

The Act stipulates that anyone processing personal data must comply with The Principles of good practice.  These Principles are legally enforceable.

The Principles require that personal information:

  1. Shall be processed fairly and lawfully and in particular shall not be processed unless specific conditions are met;
  2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
  4. Shall be accurate and where necessary, kept up to date;
  5. Shall not be kept for longer than is necessary for that purpose or those purposes;
  6. Shall be processed in accordance with the rights of data subjects under the Act;
  7. Shall be kept secure i.e. protected by an appropriate degree of security;

The Act provides conditions for the processing of any personal data.  It also makes a distinction between personal data and ”sensitive” personal data.

Personal data is defined as, data relating to a living individual who can be identified from:

  • That data;
  • That data and other information which is in the possession of or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and

any indication of the intentions of the data controller, or any other person in respect of the individual.

Sensitive personal data is defined as personal data consisting of information as to:

  • Racial or ethnic origin;
  • Political opinion;
  • Religious or other beliefs;
  • Trade union membership;
  • Physical or mental health or condition;
  • Sexual life;
  • Criminal proceedings or convictions.

Handling of personal/sensitive information

\We will, through appropriate management and the use of strict criteria and controls:

  • Observe fully conditions regarding the fair collection and use of personal information;
  • Meet its legal obligations to specify the purpose for which information is used;
  • Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
  • Ensure the quality of information used;
  • Apply strict checks to determine the length of time information is held;
  • Take appropriate technical and organisational security measures to safeguard personal information;
  • Ensure that personal information is not transferred abroad without suitable safeguards;
  • Ensure that the rights of people about whom the information is held can be fully exercised under the Act.

These include:

  • The right to be informed that processing is being undertaken;
  • The right of access to one’s personal information within the statutory 40 days;
  • The right to prevent processing in certain circumstances;
  • The right to correct, rectify, block or erase information regarded as wrong information.

All staff will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:

  • Paper files and other records or documents containing personal/sensitive data are kept in a secure environment;
  • Personal data held on computers and computer systems is protected by the use of secure passwords;
  • Individual passwords should be such that they are not easily compromised.

The Fox Project takes the collection and storing of data seriously and works in a transparent manner to ensure that all data is properly protected and that clients are able to access their data and have some control in the way in which it is used.

Last Reviewed: 25th August 2018.