There are many legal and moral obligations that you must fulfil as a UK business, and one area that requires extra attention, particularly amongst the online business community, is data protection. The Data Protection Act 1998 is an important piece of legislation that aims to protect the privacy and integrity of personal data held by organisations across all industries, and it sets out eight data protection principles for all to follow. (Since 25 May 2018 the 1998 Act has been replaced by the GDPR and the Data Protection Act 2018, which carry the same principles forward with stricter requirements and higher penalties.)
Here we take a closer look at the principles behind the Data Protection Act so that your small business can safeguard your customers and company from data loss.
Under the Data Protection Act, UK businesses of all sizes must follow a number of rules when handling and storing personal information relating to clients, employees and other individuals. The Act is enforced by the Information Commissioner's Office (ICO), and businesses must:
- Process data fairly and lawfully
- Use data for no other purpose than communicated
- Avoid the excessive and unnecessary collection of data
- Keep personal data accurate
- Not retain data for longer than necessary
- Process data whilst respecting the rights of its subjects
- Adopt secure measures to protect data
- Not transfer data outside the European Economic Area (EEA) unless the destination country ensures an adequate level of protection for the rights of the data subjects.
What types of data does the Act cover?
All personal data relating to any living individual who can be identified from it is covered by the Data Protection Act. This includes name, address, date of birth and any preferences or opinions communicated by the subject, as well as "sensitive personal data" such as health, ethnicity or criminal records, which attract stricter conditions. All processing of personal data, from gathering and recording to using and destroying, is also covered.
What should I do to comply?
Failing to comply with the Data Protection Act can be costly. Certain breaches, such as failing to notify the ICO that you process personal data or unlawfully obtaining personal data, are criminal offences that can result in a fine of up to £5,000 in a magistrates' court (and an unlimited fine in the Crown Court). In addition, the ICO can issue enforcement notices and, for serious breaches of the principles, monetary penalties of up to £500,000. There are a number of resources available from the ICO for those looking to comply with the Act, and enlisting the help of an IT support service may also provide the insight you need to protect your company and customer data appropriately.