Data Protection FAQ
Questions
- Do you provide a data protection registration/notification service?
- What is the Data Protection Act?
- What are the data protection principles?
- Do I need to notify ICO?
- How do I make sure I use personal information fairly and lawfully?
- What are an individual's rights under the Data Protection Act?
- What about staff?
- What will happen if I fail to comply?
- I need more data protection information, can you help?
Answers
- Do you provide a data protection registration/notification service?
Yes. The Company Warehouse provides a Data Protection notification service, which means that we fill out the application for notification to the Information Commissioner's Office on your behalf, saving you time and hassle.
- What is the Data Protection Act?
The Data Protection Act 1998 is the legal statute laid down for the protection of personal information which might be used by businesses during their operation. It covers all sorts of information including names, addresses, bank details and much more. The Act governs how such information should be collected, stored and handled, including its destruction and disposal.
- What are the data protection principles?
There are a number of principles laid down by the Data Protection Act which cover how the information gathered by a company should be handled. There are 8 rules:
- Processing – Data must be processed fairly and lawfully.
- Relevancy – Data collected must be adequate, relevant and not excessive.
- Purpose – Data must only be used for the purpose for which it was originally collected.
- Accuracy – Data must be accurate and kept up to date, with errors being swiftly corrected.
- Retention – Data must not be kept for longer than is necessary.
- Use – Data must be used within (and according to) the rights of the individual.
- Secure – Data must be kept secure.
- Transfer – Data must not be transmitted outside the EU unless protection is put in place.
- Do I need to notify ICO?
Most companies will be required to notify the Information Commissioner's Office of their intention to operate in a manner which will necessarily involve dealing with data and information. If you will be processing data using computers or have CCTV on your premises, then it is very likely that you will be covered by the Data Protection Act and expected to properly register with the ICO. For more information, speak to one of our consultants on 0800 0828 727.
- How do I make sure I use personal information fairly and lawfully?
Following the principles of the Data Protection Act is simple enough. You must ensure that you only gather information that is relevant to your business and the service you are offering. You must not give the information you have gathered to other people without the written and specific permission of the information giver. So giving customer information to other agencies so they can market their products to the potential client is unacceptable under the Act. This is why, when you sign up for things (as a consumer), you will often find an “opt out” box to tick with regard to the sharing of your information.
- What are an individual's rights under the Data Protection Act?
People are granted the right to request information on the data held about them, as well as other things, including the right to have incorrect or inaccurate information held about them adjusted. They also have the right to make a “Subject Access Request” (SAR) which is a written or electronic request for information held about themselves. As a business, you can make a small charge for such a request, to cover the costs of doing so (to a maximum of £10) but otherwise must fulfil the requirement.
- What about staff?
Your employees are also protected by the laws and principles laid down by the Data Protection Act. You may only gather and store information on them which is relevant to their employment and you must not disclose this information to outside agencies except where required to do so by law (for example giving information to HMRC). Employees are entitled to see the information held on them in the same way as any other person.
It should also be noted that employees are just as responsible as you for upholding the data protection principles. You must ensure that they get the proper training and guidance to carry out their jobs lawfully under the Act and do not leave the company open to legal action by failing to follow the data protection principles.
With regard to monitoring staff and gathering information on them, the Act makes it clear that staff must be informed of your actions and why they are being carried out. Privacy must be respected and covert monitoring is rarely allowed unless some sort of criminal activity is involved.
- What will happen if I fail to comply?
Failure to comply with the principles laid down by the Data Protection Act can have quite serious consequences for the company. Knowingly or recklessly dealing with data in a way which contravenes the Act could lead to the Information Commissioner bringing legal action against you. Depending on the severity, this could mean criminal prosecution and a fine (up to £5,000 in a Magistrates' Court or an unlimited fine in a Crown Court).
- I need more data protection information, can you help?
If you cannot find the answer(s) on our site, first of all, take a look at the Information Commissioner's FAQs. You might find their site helpful. If you are forming a new company and need help with the ICO notification and related data protection issues, then our legal team may be able to help. Contact us today on 0800 0828 727.