The Data Protection Act Explained

05.09.2014

How To Avoid A Hefty Fine...

  

  


  

Passed by the British government in 1998, The Data Protection Act is a law that all businesses and organisations must abide by. Whatever your business operates in, it is critical to have a thorough understanding of the rules. To help you get your head around the ins and outs of the Act, we’ve compiled this comprehensive guide that will assist you, your employees and your business in staying compliant.

  
What is The Data Protection Act?
Put simply, The Data Protection Act simultaneously sets rules and guidelines for parties storing personal data and also establishes rights for the people whose data is being stored. There are a number of major principles, the most important of which are listed below:

 
• Data may not be used for a reason different from why it was originally collected
• Data holders may not reveal information to other parties without prior permission
• People have the right to request any data that concerns them
• Data must not be kept for longer than necessary
• Data must be accurate and up to date
• Data cannot be sent outside the European Economic Area without sufficient protection
• Data must be registered with the Information Commissioner’s Office
• Organisations must have adequate security measures in place

 
What sort of data does it apply to?
While the majority of modern businesses and organisations use digitally stored data, many still use paper records. The Data Protection Act applies to both these forms of information. Common examples include names, addresses, telephone numbers, job history and medical records.

 
What are the fines?
For those that don’t comply with the guidelines, the consequences can be severe. The Information Commissioner’s Office is ruthless when it comes to upholding compliance regulations and will not hesitate to hand out fines when necessary. The British Pregnancy Advice Service is the latest high-profile organisation to fall victim to a breach, recently fined £200,000 when a malicious hacker infiltrated its system and threatened to reveal the names of thousands of people who had sought advice on abortions, birth control and pregnancy-related matters.

  
How can my business comply?
It is essential for businesses to stay compliant with The Data Protection Act regulations. Any breaches of confidentiality can result in company-crippling fines, legal action and severe loss of reputation. The first thing to do is to ensure that the entire staff base has a thorough understanding of the Act and what steps need to be taken in order to comply. It is also essential to have a reliable data destruction service to ensure that any confidential documents are disposed of safely and securely. While it may seem harmless to leave things such as letters and confidential information lying around on desks, the reality is that if it accidentally falls into the wrong hands, the consequences could be severe.
Armed with a complete understanding of The Data Protection Act, there is no reason why your business should fall victim to any cases of non-compliance. With the right education, data security measures and document disposal equipment, you can ensure that your business upholds a stringent data protection policy at all times.
 
