Data Protection Act Compliance
Background to the Act
In response to the EU Data Protection Directive, which sought to standardise the protection of personal data across the European Union, the UK introduced the Data Protection Act 1998 (“the Act”) in March 2000. Other EU member states have similar legislation.

Key terms used in the Act
A data subject is any unique living individual to whom the personal data belongs. A data controller is an organisation which collects personal data. A data processor processes personal data on behalf of a data controller.
What does the Act consist of?
There are eight principles to the Act. These can be summarised as the need to process personal data fairly and lawfully for one or more limited purposes, using personal data which is adequate, relevant and not excessive for the limited purpose(s); personal data should not be kept for longer than is necessary and its accuracy should be maintained; the rights of data subjects must be upheld, including a right to see a copy of their data, and their personal data must be protected against unauthorised access, accidental loss or destruction; finally, personal data should not be transferred to non-EEA countries without adequate arrangements for protecting the data.
Doesn’t the Act only cover computer data?
The previous version of the Act, known as the Data Protection Act 1984, did only cover computer data. However, the Act now covers personal data in any form, including certain voice recording systems and images processed by certain types of CCTV system.

My organisation doesn’t process personal data as we don’t have customers, so why do I need to worry about the Act?
Some organisations are exempt from being registered under the Act. However, they still need to comply with the 8 principles. Besides, as most organisations employ staff, they are data controllers for the personal data relating to their staff.
What do I need to do to comply?
Firstly, if your organisation processes personal data, and most do, then you need to notify the Information Commissioner of the processing you perform unless you are exempted from doing so. The fee for notification is only £35 per legal entity, and it is an offence not to notify where you have no exemption from doing so. The necessary forms and comprehensive guidance are available on the Information Commissioner’s web site at http://www.informationcommissioner.gov.uk.
Secondly, you need to take steps to ensure that you comply with the 8 principles of the Act.
How can Teed Business Continuity help?
We can help by providing awareness presentations or training to help your staff and senior management better understand the Act and its implications for them and for your organisation. We can also conduct a compliance review and identify areas where you may need to improve your current level of compliance, with practical suggestions of how to achieve this.
Reviewing Continuity in the Supply Chain
Most organisations have a high dependency on external suppliers of goods and services in order to function efficiently and meet their objectives. However this dependency is often taken for ...