FAQs about Data Protection
The Data Protection Act 1998 protects personal information, such as names and addresses, that may be used by organisations. The Act explains how this information should be gathered, stored and dealt with, including its destruction.
The principles of the Data Protection Act cover:
1. Processing
2. Relevancy
3. Purpose
4. Accuracy
5. Retention
6. Use
7. Security
8. Transfer
Data protection
- The Data Protection Act 1998 governs the ‘processing’ of any personal information by businesses and other organisations.
- The Act deals with information stored on computers and in hard copies.
- You should inform the Information Commissioner if your business processes information through computers or CCTVs.
You will be exempted from notifying the Commissioner when:
- The information being processed is just for a few business activities
- You keep information about your past and current customers
- The information can help you in making decisions about managing your business
Personal data must be:
- fairly and lawfully processed – each person needs to give consent for their personal data to be processed, and it is essential to comply with legal obligations
- acquired for a specific and lawful purpose
- sufficient, applicable and no more than is necessary
- correct and up to date
- kept only for as long as it is essential
- dealt with in accordance with the rights of the individual
- protected against illegal processing, loss, destruction or damage
- transferred to a country outside the European Economic Area (EEA) only if it is ensured that there is a sufficient level of protection
In order to comply with the principles, you may gather only the necessary information, and the person who is the subject of the processing must be informed as soon as practicable.
- There are 28 days to put things right if the information held is incomplete or incorrect.
- You should delete the information that you do not require.
- Use secured systems to protect yourself against destruction or theft.
- Individuals can be charged about £10 for written information. The information should be written in simple language and provided to the applicant within 40 days of the request.
- It is important to look out for sensitive information such as race, political views, religion or sex life. In these circumstances, the information can only be processed with the person’s consent.
The Information Commissioner encourages good practice and takes control if it is necessary to enforce certain actions. He looks at complaints and has the power to enforce the Freedom of Information Act 2000, which helps to regulate access to information held by public authorities.