Data Protection Registration FAQ's:

Data Protection Registration Answers

1. What is Data Protection?

   Data protection is a rule of law put in place to ensure that individual's private information is held and dealt with properly. This is to make sure people are protected from harm caused by loss or misuse of their personal data.

2. What is the Data Protection Act?

   Data protection is a rule of law put in place to ensure that individual's private information is held and dealt with properly. This is to make sure people are protected from harm caused by loss or misuse of their personal data.

3. What are the data protection principles?

   There are a number of principles laid down by the Data Protection Act 1998 which cover how the information gathered by a company should be handled. There are 8 rules:

   1. Processing – Data must be processed fairly and lawfully.

   2. Relevancy – Data collected must be adequate, relevant and not excessive.

   3. Purpose – Data must only be used for the purpose for which it was originally collected.

   4. Accuracy – Data must be accurate and kept up-to-data, with errors being swiftly corrected.

   5. Retention – Data must not be kept for is longer than necessary

   6. Use – Data must be used within (and according to) the rights of the individual.

   7. Secure – Date must be kept secure.

   8. Transfer – Data must not be transmitted outside the EU unless protection is put in place.

4. Who is the Information Commissioner's Office?

   The Information Commissioner’s Office is the government body responsible for the management and governance of the data protection laws. They ensure that every business abides by the data protection principles, is properly registered on the “data controller” register where appropriate and deals with the prosecution of offenders.

5. Do I need to notify Information Commissioner's Office?

   Most companies will be required to notify the Information Commissioner's Office of their intention to operate in a manner which will necessarily involve dealing with data and information. If you will be processing data using computers or have CCTV on your premises, then it is very likely that you will be covered by the Data Protection Act and expected to properly register with ICO. For more information, speak to one of our consultants on 0800 0828 727 or see our page on Data Protection Notification.

6. I want to record customers that ring our company, can I do this?

   According to the Information Commissioner's Office, you may record people calling your company if you have a legitimate reason for doing so e.g. staff training purposes.

7. I wish to use CCTV on my premises; does the Data Protection Act apply to me?

   Yes. If you use CCTV to monitor your place of business then you need to carry out a Data Protection Registration and abide by the laws laid out by the Data Protection Act. For more information see the Information Commissioner's Office CCTV Code of Practice.

8. How do I make sure I use personal information fairly and lawfully?

   Following the principles of the Data Protection Act is simple enough. You must ensure that you only gather information that is relevant to your business and the service you are offering. You must not give the information you have gathered to other people without the written and specific permission of the information giver. So giving customer information to other agencies so they can market their products to the potential client is unacceptable under the act. This is when you sign up for things (as a consumer) you will often find an “opt out” box to tick with regard to the sharing of your information. More guidance on how to abide by the Data Protection law is included as part of our Data Protection Registration Service.

9. What are an individual's rights under the Data Protection Act?

   People are granted the right to request information on the data held about them, as well as other things, including the right to have incorrect or inaccurate information held about them adjusted. They also have the right to make a "Subject Access Request" (SAR) which is a written or electronic request for information held about themselves. As a business, you can make a small charge for such a request, to cover the costs of doing so (to a maximum of £10) but otherwise must fulfil the requirement.

10. What about staff? Does the Data Protection Act apply to them as well?

    Your employees are also protected by the laws and principles laid down by the Data Protection Act. You may only gather and store information on them which is relevant to their employment and you must not disclose this information to outside agencies except where required to do so by law (for example giving information to HMRC). Employees are entitled to see the information held on them in the same way as any other person. It should also be noted that employees are just as responsible as you for upholding the data protection principles. You must ensure that they get the proper training and guidance to carry out their jobs lawfully under the act and do not leave the company open to legal action by failing to follow the data protection principles. With regard to monitoring staff and gathering information on them, the act makes it clear that staff must be informed of your actions and why they are being carried out. Privacy must be respected and covert monitoring is rarely allowed unless some sort of criminal activity is involved.

11. What will happen if I fail to comply with the Data Protection Act?

    Failure to comply with the principles laid down by the Data Protection Act can have quite serious consequences for the company. Knowingly or recklessly dealing with data in a way which contravenes the Act could lead to the Information Commissioner bringing legal action against you. Depending on the severity, this could mean criminal prosecution and a fine (up to £5,000 in a Magistrates court or unlimited fine in a Crown Court). For more information see our article on Data Protection Notification – Your legal obligations.

12. Do you provide a data protection registration/notification service?

    Yes. The Company Warehouse provides a Data Protection Registration Service which means that we fill out the application of notification to the Information Commissioner's Office on your behalf. Saving you time and hassle.

13. I need more data protection information, can you help?

    If you cannot find the answer(s) on our site, first of all, take a look at the Information Commissioners FAQ's. You might find their site helpful. If you are forming a new company and need help with the ICO notification and related data protection issues, then our legal team may be able to help. Contact us today on 0800 0828 727.