How does Data Protection impact on Small Business PART 2
29th June 2010

Part 1 covered the first 4 principles of the 1998 Data Protection Act; Part 2 covers the final 4 principles.

not be kept for any longer than is necessary: If the purpose for which you collected the data is time-limited, you must ensure that the data is not retained if no longer needed. Where applicable, you should tell individuals how long the data is likely to be retained for.

be processed in accordance with the rights of individuals: The Act sets out the rights of individuals, as well as the responsibilities of data controllers. You should make sure that you understand these rights, and act in accordance with them.

be kept secure: You must take adequate steps to ensure the security of the data. This means that it should be safe from tampering, loss, or unlawful processing. You may need to develop both technical and organisational processes to help you deal with this obligation.

not be transferred outside the European Economic Area without adequate protection: Data may only be transferred out of the EEA if the country to which it is being transferred has adequate legal protection for individuals and their details.

As well as ensuring that you abide by the eight key principles, you may also be required to notify the Information Commissioner's Office (ICO) of your activities. The Act works on the basis that all data controllers are required to notify, but some exemptions are available. If you are not exempt but you fail to notify the ICO, you risk prosecution.

You may be exempt from the notification requirement if:

    * you only process data for the purposes of: staff administration; payroll; advertising, marketing and PR that are directly related to your own business activities; or accounts and record-keeping
    * yours is a not-for-profit organisation
    * data is only being processed for personal, family, or household affairs
    * you only process data in order to maintain a public register
    * no automated system, like a computer, is used in the processing of data.

If you do not qualify for an exemption, you must notify the ICO. You can do this online, through the ICO website, or by calling the Notification Department on 01625 545 740.

The new penalties for non-compliance mean that it is more important than ever for small and medium-sized enterprises (SMEs) to abide by their data protection obligations. If you are in doubt, you should seek advice from the Information Commissioner’s Office, or from an independent legal professional.

About the Author

Simon p

Member since: 21st May 2012

Wardour Secure Networks in Grantham provides protection for new business start-ups and businesses with existing IT systems.
