How should Psychologists manage personal information?
The first part of the Data Protection Act 1998 identifies eight principles which must be complied with when managing, processing or storing personal information, whilst the remainder of the Act confers a number of rights on the individual in respect of their personal data. The eight key principles are:
1) The data should be processed fairly and lawfully
2) That the data is processed only for its intended purpose and limited to its purpose
3) Personal data should be adequate, relevant and not excessive
4) Data should be accurate and kept up to date
5) Data should only be kept for as long as it is needed
6) Data should be processed in line with people’s rights
7) Data is kept secure
8) Data is not transferred to another county without the adequate protection
In its simplest form, the Act has been designed to create a sense of balance between an individual’s right to privacy and an organisations need to process personal data for the purposes of its business.
Since this article was written GDPR has come into force.
CLICK HERE to access our quick guide to GDPR for our Associates.