Transport for LondonData Protection
The Data Protection Act (DPA) 1998 regulates the use of personal information within all organisations, including Transport for London (TfL) and its subsidiary companies.
It also creates a legal right for individuals to request access to their personal information.
The DPA states that any organisation which processes personal information must be open about how that information is used and must comply with eight data protection principles.
These eight rules require personal data to be:
- Processed fairly and lawfully
- Processed only for specified and lawful purposes
- Adequate, relevant and not excessive
- Accurate and, where necessary, kept up-to-date
- Not kept longer than necessary
- Processed in accordance with an individual's rights under the Act
- Kept secure
- Not transferred to non-European Economic Area (EEA)countries without adequate protection
The DPA also gives individuals rights to:
- Gain access to their data
- Seek compensation for damage or distress caused by their data not being processed in accordance with the Act
- Prevent their data being processed in certain circumstances
- Opt out of having their data used for direct marketing at any time
Subject access requests
Under the DPA, you can ask to see any personal information that we hold about you. Such requests are called subject access requests.
If you would like to make a subject access request, please complete the Subject access request form (67KB).
You will also need to provide one form of identification and proof of your address, for example, staff pass, driving licence, utility bill and, if appropriate, any particulars about the source or location of the information you are requesting.
These requirements and further details are outlined in the Subject access request form.
Further information about the DPA can be found on the Information Commissioner's Office website.
