Data protection

The Data Protection Act regulates how your business processes personal information about living individuals. All businesses are required to comply with the eight data protection principles. You may also be required to notify the Information Commissioner of your data processing activities. Making sure that you understand and comply with data protection regulations helps protect your business against regulatory action.

The data protection principles

The eight data protection principles set out the basic ground rules for how businesses process personal information. ‘Processing’ covers practically anything that can be done with information - obtaining it, collecting it, sorting it, analysing it, discussing it, destroying it or even just filing it, whether through your business’s IT systems, via CCTV or in a manual filing system.

To comply with the data protection principles, you must only process personal information when you have a fair and lawful reason: for example, when an individual is a customer or employee. You must take particular care with sensitive information (for example, about an individual’s criminal records).

You must limit your processing of personal information: only collecting the information you need, using it for specified purposes and deleting it when you no longer need it.

You must also keep information up-to-date and hold it securely. There are restrictions on transferring personal data overseas.

Individuals have the right to ask to see the information you hold on them. They can ask you to correct inaccuracies, and not to use the information for direct marketing.

Data protection notification

Provided you comply with the data protection principles, you are allowed to process personal data for core business purposes without notification. These core business purposes include staff administration and marketing to your customers.

If you process personal data for other purposes, you must notify the Information Commissioner. You give details of the personal information you process and why, and pay a small fee.