Data Protection Act 1998 - Schools must register all personal data and state the purpose for which it is required. All data held must be relevant, adequate and not held for longer than it is required. Where personal data is out of date or no longer required, it must be destroyed. Cross reference with schools as organisation unit. Criteria 4.2
An Introduction to Data Protection in Health is a concise programme that explains the fundamentals of Data Protection Act 1998, including its overarching principles and what organisations must do to comply with them.