Data Protection
Data Protection: what are the risks?
The majority of businesses currently operating in the UK hold data and must accordingly ensure that they comply with the Data Protection Act 1998 (DPA). What does this mean in simple terms? Businesses often hold data about their employees, customers or clients, or retain information gathered through market research exercises, to name but a few examples. How this data is handled and stored is governed by the DPA, and a breach can lead to serious consequences such as a large fine.
To protect your business from falling foul of the DPA it is important to ensure compliance. One way to do this is to introduce a data protection policy setting out how you handle and store data, and to ensure that all of your employees are fully apprised of it.
Many companies now conduct much of their trade and marketing through the internet, which has increased the amount of data collected and held by these businesses and further increased the risk of that data being mishandled.
Any business which “processes” personal information about individuals, for example people's ages or addresses, is governed by the DPA. Information is likely to be considered personal data if a living person can be identified from it.
It is important to ensure that once data is collected it is stored only for as long as is required to use it for the purpose for which it was collected.
The rules under the DPA apply to all data controllers within the UK. A data controller is a person or entity who determines how personal data is processed. All data controllers must register with the Information Commissioner, who regulates data controllers, in order to notify their intention to process data. A data controller who fails to register is not thereby exempt from the obligations under the DPA.
The main principles set out in the DPA with which data controllers must comply are as follows. Personal data must be processed fairly and lawfully, and in accordance with the conditions set out in the DPA. It must be collected only for specified and lawful purposes, and not used for any purpose other than that for which it was collected. It must be adequate, relevant and not excessive for that purpose. It must be accurate and, where necessary, kept up to date, and it must not be kept for longer than is necessary. Appropriate technical and organisational measures must be taken to protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage. Finally, it must not be transferred outside the European Economic Area unless the destination country ensures an adequate level of protection for the rights of the individuals concerned.
To ensure that processing is fair, it is best practice to inform the individual that their data is being processed and for what purpose.