Data Protection Act 2018 and legal basis for processing

All the personal information that we collect and use is handled in accordance with the Data Protection Act principles. These state that personal data processing must be:

  1. lawful and fair
  2. specified, explicit and legitimate
  3. adequate, relevant and not excessive
  4. accurate and kept up to date
  5. kept for no longer than is necessary
  6. held securely

Under GDPR our legal basis for processing staff information is :

the performance of a task carried out in the public interest or in the exercise of the controller’s official authority Article (6) (1) (e), and

necessary for the carrying out of obligations under employment, social security or social protection law Article 9 (2) (b).

Last updated: August 3, 2018