Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

Principle 2 states that Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Principle 2 of the act enforces that personal data should only be processed for limited purposes. This requirement aims to ensure that organisations are open about their reasons for obtaining personal data and that what they do with the information is in line with the reasonable expectations of the individuals concerned. 

This principle has clear links with the other data protection principles.   In order to comply with this principle, organisations must be clear from the outset about why they are collecting personal data and what they intend to do with it. They must comply with the acts fair processing requirements, that is if they intend to use the data for any other purpose this is new disclosure must be fair. A breach of this would be where a GP discloses his patient list to his wife who is a travel agent so she can offer holiday deals to his patients.  The act also states that every data controller who is processing personal information to register with the ICO unless they are exempt.