Data Protection Act 1998
As an organisation, do you have a data protection policy to comply with all the relevant regulations? Are your staff trained to comply with data protection? The penalty for non-compliance can be a fine by the ICO of up to £500,000, plus any other fines from another regulator if, as a company, you also need to comply with FSA or other regulations.
As a company, if you handle personal information about individuals, you have a number of legal obligations to protect that information. This data can be obtained online or offline, for example through a subscription to a newsletter, a request for product information, or any other service an individual signs up to receive.
As an organisation you are legally obliged to protect any personal information which you hold, and may be required to notify the Information Commissioner's Office ("ICO"). Public authorities are also obliged to provide public access to official information. The ICO is there to help you understand these obligations and to keep you updated as and when they change.
There are Eight Data Protection Principles which are set out below:
Fourth Principle - Personal data must be accurate, hence company policy should be to check it regularly, i.e. every six months or once a year, as necessary.
Fifth Principle - Do not keep data for longer than you need to, i.e. job applications received should not be kept for more than four months, unless you are required to under other regulations.
Sixth Principle - The subject has the right to request a copy of the data held about them; to ask that processing of their data be stopped where it may cause them harm or damage; to stop all marketing being sent to them; to have data that is wrong blocked, removed, rectified or destroyed; to object to automated decisions being made about them; and to claim compensation for any damage caused by a breach.
Seventh Principle - Data must be secured, and if data must be sent out it must be encrypted. Encryption applies to laptops and computers, and USB access should be locked down within the organisation.
Eighth Principle - Data sent outwith the EEA countries and those considered safe must be researched so that adequate protection and security are in place. The USA has a safe harbour framework with the EU, but under USA RIPA rules and regulations a US company can hand your data to the US government, if requested by the US Government, without your knowledge. Cloud computing comes under this principle and the Seventh Principle.