Memory Game Data Protection Act - PrinciplesOnline version Data Protection Act - Principles by Jenny Andrews Personal data should be obtained and processed fairly and lawfully Personal data cannot be transferred to countries outside the European Economic Area (EEA) Appropriate security measures must be taken against unauthorised access Personal data should be adequate, relevant and not excessive for the required purpose Personal data should be accurate and kept up-to-date Personal data should not be kept for longer than is necessary Personal data should be accurate and kept up-to-date Personal data should not be kept for longer than is necessary Appropriate security measures must be taken against unauthorised access Personal data should be obtained and processed fairly and lawfully Personal data can be held only for specified and lawful purposes Personal data cannot be transferred to countries outside the European Economic Area (EEA) Data must be processed in accordance with the rights of the data subject Personal data should be adequate, relevant and not excessive for the required purpose Data must be processed in accordance with the rights of the data subject Personal data can be held only for specified and lawful purposes