PART 3Law enforcement processing
CHAPTER 2Principles
34Overview and general duty of controller
1
This Chapter sets out the six data protection principles as follows—
a
section 35(1) sets out the first data protection principle (requirement that processing be lawful and fair);
b
section 36(1) sets out the second data protection principle (requirement that purposes of processing be specified, explicit and legitimate);
c
section 37 sets out the third data protection principle (requirement that personal data be adequate, relevant and not excessive);
d
section 38(1) sets out the fourth data protection principle (requirement that personal data be accurate and kept up to date);
e
section 39(1) sets out the fifth data protection principle (requirement that personal data be kept for no longer than is necessary);
f
section 40 sets out the sixth data protection principle (requirement that personal data be processed in a secure manner).
2
In addition—
a
each of sections 35, 36, 38 and 39 makes provision to supplement the principle to which it relates, and
b
sections 41 and 42 make provision about the safeguards that apply in relation to certain types of processing.
3
The controller in relation to personal data is responsible for, and must be able to demonstrate, compliance with this Chapter.