SIOG10110 - Procedural matters: data protection: Data Protection Act 1998
The Data Protection Act 1998 (DPA) gives ‘living individuals’ the right of access to their information or personal data in any form, including electronic and paper. HMRC’s policy is to be as open as possible with our customers. Our policies and procedures are designed to exceed the minimum requirements of the Act.
The DPA does not specify what records we should keep or how long we should retain them. The Act incorporates eight data quality principles which all government departments must follow, we must ensure that our records are:
- adequate for our business purpose, relevant and not excessive
- accurate and up-to-date
- not kept for longer than is necessary.
We can exempt information from disclosure in certain circumstances; these are defined by the Act.