There are 7 key principles under the UK Data Protection Act 2018 (aligned with UK GDPR).

Quick Scoop: The 7 Principles

These seven principles sit at the heart of how organisations must handle personal data.

  1. Lawfulness, fairness and transparency – Data must be processed lawfully and fairly, and organisations must be clear and open with individuals about how their data is used.
  2. Purpose limitation – Data should only be collected for specified, explicit and legitimate purposes, and not used in ways incompatible with those purposes.
  3. Data minimisation – Organisations should only collect data that is adequate, relevant and limited to what is necessary for the stated purpose.
  4. Accuracy – Personal data must be accurate and kept up to date, with steps taken to correct or delete inaccurate information.
  5. Storage limitation – Data should not be kept for longer than is necessary for the purposes for which it was collected.
  6. Integrity and confidentiality (security) – Data must be processed securely, protecting against unauthorised or unlawful processing, loss, destruction or damage.
  7. Accountability – Organisations are responsible for complying with these principles and must be able to demonstrate their compliance (for example through policies, records and audits).

Mini note on older “8 principles”

You may still see references online to “8 principles of data protection,” which usually relate to the older Data Protection Act 1998, not the 2018 regime. Under the 2018 Act and UK GDPR, the recognised core framework is the 7 principles listed above.

Information gathered from public forums or data available on the internet and portrayed here.