Page 145 - Law and the Media
P. 145

Law and the Media
                Notification
                The notification procedure is straightforward. It can be undertaken by post, over the
                                                                             1
                telephone, or online at the Data Protection Commissioner’s web site. The notification lasts
                for one year but is automatically continued on payment of the fee, currently £35.

                The data controller must provide the ‘registrable particulars’, which include his name and
                address and information relating to the personal data being processed, as well as a general
                description of the measures to be taken for the purpose of complying with the seventh data
                protection principle concerning security measures.

                Data protection principles
                The primary obligation on the data controller is that all processing must be fair and lawful.
                In addition, there are eight data protection principles:

                1. Personal data shall be processed fairly and lawfully and shall not be processed unless at
                   least one of the conditions in Schedule 2 is met or in the case of sensitive personal data
                   at least one of the conditions in Schedule 3 is also met
                2. Personal data shall be obtained only for one or more specified and lawful purpose, and
                   shall not be further processed in any manner incompatible with that purpose or those
                   purposes
                3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or
                   purposes for which they are processed
                4. Personal data shall be accurate and, where necessary, kept up to date
                5. Personal data processed for any purpose or purposes shall not be kept for longer than is
                   necessary for that purpose or those purposes
                6. Personal data shall be processed in accordance with the rights of data subjects under the
                   DPA
                7. Appropriate technical and organizational measures shall be taken against unauthorized or
                   unlawful processing of personal data and against accidental loss or destruction of, or
                   damage to, personal data
                8. Personal data shall not be transferred to a country or territory outside the European
                   Economic  Area, which is the European Union Member States, Norway, Iceland and
                   Liechtenstein, unless that country or territory ensures an adequate level of protection for
                   the rights and freedoms of data subjects in relation to the processing of personal data.

                Fair and lawful processing
                All personal data must be obtained fairly and without deception. Certain information,
                including the identity of the data controller and the purpose for which the data is to be
                processed, must be provided to the subject of the personal data at the time the data is
                obtained. This applies whether the personal data has been obtained from the subject himself
                or from another person or organization.



                1
                 The web site can be found at www.dataprotection.gov.uk.
                108
   140   141   142   143   144   145   146   147   148   149   150