Data protection

The Data Protection Act (DPA) aims to protect the rights of individuals regarding personal information stored about them. Personal information may be either factual information, such as a date of birth, or an opinion about an individual.

The Act also imposes a number of obligations on organisations that process personal information. In particular, compliance with the eight principles of good information handling which we have summarised below.

The eight principles of good information handling

Data must be:

  • fairly and lawfully processed
  • processed for limited purposes
  • adequate, relevant and not excessive
  • accurate and up-to-date
  • not kept longer than necessary
  • processed in accordance with the individual’s rights
  • stored securely
  • not transferred outside of the European Economic area unless there is adequate protection of the information.

There are also a number of additional guidelines - particularly with regard to the recruitment and retention of staff, and staff monitoring in the workplace. These are set out in the Employment Practices Code, which can be accessed from the Commissioners web site. See www.ico.gov.uk/cms/DocumentUploads/ICO_EmpPracCode.pdf

The Information Commissioners Office (ICO) must be notified (annually) that personal data is being processed. The notification fee is currently £35 per annum. Notification should be made direct to the ICO in Wilmslow, Cheshire. You do not need to involve a third party to perform notification on your behalf.

You may not need to notify if for example you only process personal information for staff administration purposes such as payroll and personnel. If you are not sure whether your business should notify, then contact the Information Commissioner direct (either phone 01625 545740, or email: mail@ico.gsi.gov.uk or check the ICO website www.ico.gov.uk) and they can give advice. Your trade association or professional body may also publish guidelines regarding Data Protection.

Beware of bogus Data Protection organisations - there are a number of these operating and a full list of such organisations can be found on the ICO website (www.ico.gov.uk/eventual .aspx?id=4016). If a bogus organisation makes contact you are advised not to reply or make any payment to them but instead advise the local Trading Standards office.