The Data Protection Act 1988 came into force on 1 March 2000 and applies to information about individuals ('personal data'). CCMS (as a 'Data Controller') must comply with requirements for how organisations should handle personal data. Data must be:
• fairly and lawfully processed
• processed for limited purposes and nor for any manner incompatible with those purposes
• adequate, relevant and not excessive
• not kept for longer than is necessary
• processed in line with the data subject's rights
• not transferred to countries without adequate data protection.
For further information contact