The Data Protection Act 2018 aims to control how personal information is used by organizations, businesses, or the government, ensuring individuals' privacy rights are protected.

The principle 'Kept indefinitely for future use' is NOT a data protection principle under the Data Protection Act 2018. Data must be kept only as long as necessary for its intended purpose.

Under the Data Protection Act 2018, sensitive information, such as race and ethnic background, receives stronger legal protection due to its potential to cause harm or discrimination, unlike general or publicly available information.

Under the Data Protection Act 2018, individuals have the right to access their personal data held by organizations. This ensures transparency and allows individuals to know what data is being processed about them.

One of the key responsibilities of a Data Protection Officer under the Data Protection Act 2018 is to ensure compliance with data protection laws, safeguarding personal data and upholding individuals' rights.

Processing data for contractual obligations is a lawful basis under the Data Protection Act 2018, as it is necessary to fulfill a contract. The other options do not meet legal requirements for data processing.

Under the Data Protection Act 2018, organizations must notify affected individuals and the Information Commissioner's Office about a data breach, ensuring transparency and compliance with legal obligations.