Are you Data Protection Aware?
The UK Data Protection Act (DPA) of 1998 aims to promote high standards in the handling of personal information, it was set up to protect individual’s right to privacy. Any business, which holds and processes personal information about their students, clients, employees or suppliers are legally obliged to protect that information. This applies to any type of business, from sole traders to Ltd companies.
Under the DPA, you must:
- only collect information that you need for a specific purpose;
- keep it secure;
- ensure it is relevant, accurate and up to date;
- only hold as much as you need, and only for as long as you need it;
- allow the subject of the information to see it on request.
What sort of personal information is covered by the Act?
The DPA covers any information that relates to living individuals which are held electronically. For example, this may include information such as name, address, date of birth and opinions about the individual or any other information from which the individual can be identified.
What sort of processing is covered by the Act?
The processing of personal information includes obtaining, disclosing, recording, holding, using, erasing or destroying personal information. The definition is very wide and will cover virtually any action which is carried out on a computer.
What if I process information about individuals?
The Information Commissioner’s Office (ICO) maintains a register of businesses and organisations who are responsible for processing information and the purposes for which they use personal information.
If you hold and process information about individuals who are customers, employees, suppliers, clients or other members of the public, you may need to record that on the register. This is called ‘notification’. Check out if you are required to register here! This is an annual process so it would be worth checking your registration is up to date!
Changes are coming!
The UK Data Protection Laws are changing on 25th May 2018, when the General Data Protection Regulation (GDPR) comes into effect. We will post more information about this soon. In the meantime, if you want further information, you can find this here.