Complying with Data Protection Legislation

In the UK, the Data Protection Act 1998 came into force in March 2000. This topic covers its relevance to staff and third parties. Failure to register under the Act can leave your organisation's directors personally liable, with possible penalty fines for non-compliance currently in excess of £5,000.

  • If registration under the Data Protection Act has not been completed, your organisation is under threat of possible legal action, the consequences of which could be severe.

  • Contact the Data Protection Commissioner via the Data Protection Agency Web site to check your organisation's registration details, using the 'Notification' navigation bar.
  • Through your organisation's legal representatives, ensure that notification and registration have been completed. If they have not, act immediately to register under the Act.
  • Ensure that the standards for the capture, storage and disclosure of personal information are included in your Organisation Code of Conduct (see Being Aware of Legal Obligations).
  • If your staff are unaware of the principles of Data Protection, they may break the law without realising it.

  • Your Organisation Code of Conduct should set out the eight principles of the Data Protection Act:
  1. The data should be adequate, relevant and not excessive.
  2. The data held should be accurate.
  3. The data should be held securely.
  4. The data should be fairly and lawfully processed.
  5. The data should be used for limited purposes only.
  6. The data should not be kept longer than is necessary.
  7. The data should be processed in accordance with the client's rights.
  8. The data should not be sent outside the UK to countries that do not have a data protection scheme.
  • You are required to respond to legitimate enquiries from persons about whom you hold information. Failure to do so can result in legal action.

  • In accordance with the Data Protection Act, appoint a Data Protection Officer to deal with any enquiries about personal data held by your organisation.
  • If your organisation stores personal data about both your staff and your clients, consider appointing separate Data Protection Officers for each specialist area.
  • Initiate periodic checks to ensure that the requirements under the Data Protection Act are being adhered to.
Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement