The Data Protection Act has been mentioned a lot in the news recently, but how does it affect businesses in the UK?
Almost every business in the UK should notify the Information Commissioner’s Office (ICO) that it processes ‘personal data’, which is classed as any data that can identify a living person. It is difficult to pinpoint exact examples of what is classed as processing (even for the ICO), but it is safe to say that the vast majority of UK businesses need to comply with the DPA and register under it.
This can be done very easily, quickly and cheaply (£36/year) at the ICO website – www.ico.gov.uk – and there is a lot of useful information on their site as well, giving guidance on scenarios requiring registration and how to comply with the Principles of the DPA.
The ICO is gaining increased powers to fine businesses heavily, not only for breaching the Data Protection Act but also for failing to notify it that personal data is being processed. It is no longer targeting only the large corporations; small businesses are receiving fines now as well.
Here are some pointers regarding the Data Protection Act:
- Visit the ICO website and see if your business needs to notify; it is highly likely that it does
- Check the advice on the ICO website for dealing with personal data
- Think about the way you deal with personal data and see if there are ways it could be done more securely
- Introduce policies for securing data, in particular for disposing of data, where there is a very real risk of it falling into the wrong hands