Data Protection Principles
There are eight rules of data protection, which govern the processing of personal data. When processing personal data the College must:
- obtain and process the data fairly;
- keep them only for one or more specified and lawful purposes;
- use and disclose them only in ways compatible with the purposes for which they were initially given;
- keep them safe and secure;
- keep them accurate, complete and up-to-date;
- ensure that they are adequate, relevant and not excessive;
- retain them no longer than is necessary for the specified purpose or purposes;
- provide a copy of his/her personal data to any individual, on request.
In addition, there are special conditions that must be met before personal data may be transferred to a country outside the European Economic Area (E.U. member states and Iceland, Liechtenstein and Norway) if that country does not have an EU-approved data protection law. Specific provisions are in place concerning personal data transfers to the United States of America.
The above rules apply to all personal computer-held data and to all personal manual data created from the 1 July 2003. However, for manual records created before 1 July, 2003, the obligations:
- to keep data accurate, complete and up-to-date;
- to ensure that they are adequate, relevant and not excessive; and
- to retain them no longer than is necessary for the purpose or purposes will only apply from 24 October, 2007.
Until that date the following procedures will apply to personal manual data created before 1 July, 2003:
- provide a copy of his/her personal data to any individual on request;
- correct, erase, or destroy any manual personal data that are incomplete or inaccurate;
- destroy any personal manual data that are incompatible with the legitimate purpose for which they were collected.
Rights of data subjects
If you are concerned regarding your rights as a data subject or wish to exercise your right of access to your own personal information please contact Trinity's Information Compliance Officer at the address given on the Data Protection homepage.