Data protection is a growing concern for many businesses and if this is something you have not given much thought to, it may cause you some issues in the future. Most businesses will hold personal data on people, whether they are employees, customers or clients and so you must ensure that your business complies with the Data Protection Act 1988.
The Data Protection Act does exactly what it says it does, it protects personal data. As a business, there are two ways in which you will use and keep personal data. One is as a data controller and the other is as a data processor.
To ensure that your business is protected you need to be clear whether you are a data controller or a data processor. You are a data controller if you keep data about living people within your business, whether they are clients or customers. The only exception to this. This is where you hold and use personal information, but another company is responsible for what happens to it, for example if you provide payroll or HR services for another company. This makes you a data processor. Although a company may be a data processor when providing payroll services for others, they will be a data processor for their own staff and also for their own clients too.
A data controller has a legal responsibility to ensure that the data they hold is protected and there are eight principles under the Data Protection Act, which must be followed in order to meet this legal responsibility.
These eight principles are:
1. you must obtain the data fairly and process it fairly too
2. you must only keep it for one or more specified purposes
3. you must only process it in ways and for the purpose for which it was provided
4. you must keep it secure and safe
5. keep it up to date and accurate
6. you must make sure it is relevant and not excessive
7. you should not keep it for longer than you need it
8. you must provide a copy of all data held if someone requests it
If your business does not follow these eight rules, then you will be in breach of the Data Protection Act. The Data Protection Commissioner offers clear guidance on how this legislation applies to your business and even breaks down the act into sections, such as marketing data, employee data, education or school data and medical data. It is important to look at these areas in relation to your business as there may be differences.
You may also be required to register with the Data Protection Commissioner. This depends on the type of business you are running. You should check whether you need to register. Data protection is a serious issue in business and you should ensure that you and your business are protected.