Six Data Protection Principles under DPA 2018, Part-2

In our last article we discussed and briefly covered the three data protection principles as provided under DPA 2018. In today’s article we will deal and discuss the remaining three principles and they are-

4) The fourth Data Protection Principles (S.38):

The fourth Data Protection Principle is provided u/s. 38 of the DPA 2018 which speaks of “Accuracy”. Under the status it is specified that the data received from the data subject for law enforcement purposes  must be accurate and kept up to date and all reasonable steps must be taken to ensure that the personal data which is inaccurate, is erased, rectified without delay. 

The personal data so far as possible, be distinguished from personal data based on personal assessments. While processing the personal data a clear distinction must be made between the personal data relating to different categories of data subject for eg.- person suspected of having committed or about to commit a criminal offence, person convicted of a criminal offence, person who are/may be victims of a criminal offence, witness or other person with information about the offences.  

It is mandatory to ensure that all the reasonable steps are taken to maintain the accuracy of the personal data and in no case inaccurate, incomplete or data no longer required is transmitted or made available for any law enforcement purposes. 

In order to fulfil the purposes the quality of personal data must be verified before it is transmitted or made available such transmission shall be assessed on the basis of degree of accuracy, completeness and reliability of the data. However, it comes to knowledge that the data so transmitted was incorrect or unlawful, it must immediately be notified without delay.

5) The Fifth Data Protection Principles (S.39):

The fifth Data Protection Principle has been provided u/s. 39 which speaks of “retention period” and strictly says that the personal data must not be kept for longer than is necessary for the purpose for which it is processed. Appropriate time limits must be established as a period of retention. 

6) The Sixth Data Protection Principles (S.40):

The sixth data protection principle is provided u/s.40 it provides that the “processing must be done in a secured manner”.  This principle focuses on the manner of processing in order to ensure the appropriate security of the personal data, using appropriate technical or organisational measures. 

The term appropriate security includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Picture Credit- https://teachprivacy.com/