Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

The first principle of the data protection act states that all personal data must be fairly and lawfully processed. This means that organisations must have legitimate grounds for collecting and using your personal data. For example, data is classed as being obtained fairly by the tax authorities if it is obtained from an employer who is under the legal duty to provide details of an employee pay. However, it is not obtained fairly if your contact details have been passed on or sold to an organisation with your consent.

The data must not be used in ways that have unjustified adverse effects on the individuals.

Organisations must be must be transparent about how they intend to use the data and give individuals appropriate privacy notices when collecting their personal data.  Some organisation shares personal data with other organisations and some even trade in personal data. The individuals must be treated fairly and be told that their information may be shared so they can choose whether or not to enter into a relationship with the organisation who is sharing the information.

A privacy notice should state who the organisation is and the purpose for which it intends to use the data collected from you.  Personal data should only be handled in ways that would be reasonably expected and nothing unlawful should be done with the data.

If the processing of personal data involves committing a criminal offence the processing will be unlawful, but it can also be classed as unlawful in the following circumstances:- 

  • A breach of confidence, for example, discussing a person's medical condition to a friend of yours
  • Or an infringement of copyright.

In order to process a person's data, organisations must ensure that at least one of the following conditions has been met:-

  • The individual has consented to the processing
  • The processing is necessary either because of a legal obligation or in relation to a contract that an individual has entered into
  • Processing of the data is to protect the vital interests of the person
  • Processing is necessary for administering justice or other statutory government functions
  • The processing is in accordance with the legitimate interests condition.

This covers instances where it is necessary to process information legitimately that are not covered by the other circumstances.

When sensitive data is processed, at least one of several other conditions must also be met before the data can be processed, these include:-

  • Explicit consent has been received from the data subject
  • Processing is required to comply with employment legislation
  • Processing is necessary to safeguard the vital interests of the data subject or another person
  • The information has already been made public by the data subject
  • Processing is necessary for the connection with legal proceedings
  • Processing is necessary for the administration of justice
  • Processing is necessary for medical reasons
  • Processing is necessary for ethnic monitoring