Why is it essential for your organisation to comply with the Data Protection Act?
The Data Protection Act 1998 (“DPA”) lays down eight data protection principles that any organisation processing data about individuals must comply with.
What does the DPA cover?
The DPA came into force on 1 March 2000. The DPA implemented the European Union (“EU”) Directive on data protection into UK law, introducing radical changes to the way in which personal data concerning identifiable living individuals can be used. The constant need for businesses to process personal data means that the DPA impacts upon most organisations, irrespective of size. Moreover, the public’s growing awareness of their right to privacy means that data protection will remain an important issue.
The DPA makes a distinction between personal data and sensitive personal data. Personal data includes personal data relating to employees, customers, business contacts and suppliers. Sensitive data covers an individual’s ethnic origin, medical conditions, sexual orientation and eligibility to work in the UK. The data protection principles set out the standards which an organisation must meet when processing personal data. These principles apply to the processing of all personal data, whether those data are processed automatically or stored in structured manual files.
What is data?
Data means information which is processed by computer or other automatic equipment, including word processors, databases and spreadsheet files; or information which is recorded on paper with the intention of being processed later by computer; or information which is recorded as part of a manual filing system, where the files are structured according to the names of individuals or other characteristics, such as payroll number, and where the files have sufficient internal structure so that specific information about a particular individual can be found easily.
What are the eight data protection principles?
The eight data protection principles are as follows:
Personal data must be processed fairly and lawfully
Personal data must be obtained only for specified and lawful purposes and must not be processed further in any manner incompatible with those purposes
Personal data must be adequate, relevant and not excessive in relation to the purposes for which they were collected
Personal data must be accurate and, where necessary, kept up to date
Personal data must not be kept longer than is necessary for the purposes for which they were collected
Personal data must be processed in accordance with the rights of data subjects
Personal data must be kept secure against unauthorised or unlawful processing and against accidental loss, destruction or damage
Personal data must not be transferred to countries outside the European Economic Area unless the country of destination provides an adequate level of data protection for those data.
What data comprises personal data?
Personal data relates to data about living individuals who can be identified from those data, or from those data and other information which is in the possession of the data controller or which is likely to come into its possession, for example names, addresses and home telephone numbers of employees.
What data comprises sensitive data?
Sensitive personal data (“sensitive data”) consist of information relating to a data subject’s (individual’s):
racial or ethnic origin
religious beliefs or other related beliefs
trade union membership
physical or mental health or condition
commission or alleged commission of any offences
convictions or criminal proceedings involving the data subject.
What is the meaning of processing under the DPA?
The definition of ‘processing’ is very broad. It covers any operation carried out on the data and includes obtaining or recording data, the retrieval, consultation or use of data, and the disclosure or otherwise making available of data.
Who is a data controller?
A ‘data controller’ is any person who (alone or jointly with others) decides the purposes for which, and the manner in which, the personal data are processed. The data controller will therefore be the legal entity which exercises ultimate control over the personal data. Individual managers or employees are not data controllers.
The data controller is accountable for:
Personal data about identifiable living individuals
Deciding how and why personal data are processed
Information handling – complying with the eight data protection principles
Obtaining data subjects’ consent for processing sensitive data
Existing procedures for handling sensitive or personal data
Security measures to safeguard personal data
Who is a data processor?
A ‘data processor’ is a person or organisation who processes the data on behalf of the data controller, but who is not an employee of the data controller.
Who is a data subject?
A ‘data subject’ is any living individual who is the subject of personal data. There are no age restrictions on who qualifies as a data subject, but the definition does not extend to individuals who are deceased.
Are we required to notify? What does notification mean?
An organisation must not process any personal data unless it has first notified the Information Commissioner of certain particulars, including:
the organisation’s name and address
the purposes for which the data are to be processed
any proposed recipients of the data
countries outside the European Economic Area to which the data may be disclosed.