Data Protection


Small Business Information	Home	My Account	Help

Documents by Trade

Legal Documents

Business

Company Formation
folder

Employment
folder

Divorce and Marriage
folder

Domestic and Consumer
folder

Financial Agreements
folder

Internet and IT
folder

Partnerships
folder

Power of Attorney
folder

Property Letting
folder

Wills and Probate

Free Documents

A-Z Documents Index

Search Website

Legal News

Latest News
news

RSS News Feeds

Free Newsletters

Information

Small Business

Advertising Law

Banking Law

Business Planning

Business Structures

Business Taxes

Charity Law

Consumer Law

Data Protection

Ecommerce

Education Law

Employing Staff

Environmental Law

Family Law

Health and Safety

Insurance

Intellectual Property

Medical Law

Pension Law

Property Law

Public Law

Tax Law

Travel Law

VAT

Lawyers

Legal Glossary

Services

Conveyancing

Data Protection

The Data Protection Act 1998 gives people the right to access information held about them by certain organisations. The act governs how such organisations can use the personal information that they hold - including how they acquire, store, share or dispose of it.

In general, the Data Protection Act applies to all organisations (including individuals who work in a self-employed capacity) who hold or use personal data whether held on computer or in manual records. This covers information about staff, customers, clients and any others who are dealt with in the course of any business or professional activity.

One of the requirements of the DPA is that individuals and organisations that are processing personal data need to "notify" the Information Commissioner that they are doing so and what the purpose of that processing is. There are exceptions to this rule if the personal information is held only for:

staff administration (including payroll)
advertising, marketing and public relations for your own business
accounts and records (some not-for-profit organisations).

The other responsibilities are:

to process the personal data you hold in accordance with the eight Data Protection Principles laid down by the Act. Additional requirements and restrictions apply to the processing of sensitive personal data such as an individual's health records, ethnic origin, trade union membership or political opinions.
to answer subject access requests received from individuals.

The eight Data Protection Principles require that information is:

fairly and lawfully processed
processed for limited purposes
adequate, relevant and not excessive
accurate
not kept longer than necessary
processed in accordance with individuals' rights
kept secure
not transferred to countries outside the European Economic Area without adequate protection.

Notification costs £35 per annum and is paid to the Information Commissioner.

Further information can be found at the Information Commissoner's Office at http://www.ico.gov.uk.