Rules & Regulations

Home / Business Toolkit / Rules & Regulations / Data

Listen Speak This Page

Woman With FilesData: The Data Protection Act


In this topic:

 

The Data Protection Act 1998

The Data Protection Act (DPA) exists to provide both protection for individuals and guidance for those handling personal information. It applies to all businesses and staff that write down or put onto a computer information about individuals (which also includes businesses that are sole traders or partnerships). The government body responsible for overseeing the practical application of the act is the Office of the Information Commissioner.


What does the act do?

The act provides eight principles which must be followed by anyone who handles personal information. The eight principles are as follows.


Personal information must be:

  1. Fairly and lawfully processed
  2. Processed for specific purposes
  3. Adequate, relevant and not excessive
  4. Accurate and where necessary kept up to date
  5. Not kept for longer than is necessary
  6. Processed in line with the individual
  7. Kept secure
  8. Not transferred to countries outside the European Economic Area unless there is adequate protection for the information

The DPA also gives rights to individuals to see information held about them, to have it corrected or destroyed and to ask that information about them is no longer held or used and that this stops within a reasonable timeframe.


Businesses, like mailing and fulfilment houses, that handle customer data as their core business have to register with the Information Commissioner and go onto the Data Controllers Register.

 

Who does the act apply to?

The DPA applies to anyone and everyone holding information about living individuals in electronic format or on paper. They must follow the eight data protection principles of good information handling. You are only allowed to capture and keep information for your core business purposes.


Core business purposes means making sales or bookings, prospecting for sales or bookings, researching, supplying goods or services, managing your organisation, conducting staff administration and conducting your business' own marketing and advertising.


What kind of data does the act cover?

The act covers personal data relating to living individuals. As well as members of the public this is also generally taken to mean small businesses such as sole traders and unincorporated partnerships. The act does not cover data about companies or large organisations.


Personal data means information such as name, contact details (eg address, telephone, email address etc), information of a personal nature (for example description, employment details, health information etc) plus any additional information, labels, tags or flags associated with the information record that enables that record to be found, retrieved, used or processed.


As an example, a bed-and-breakfast establishment may hold information about guests who have stayed, guests who enquired about staying, staff, and suppliers - all of which would be covered by the act.


The act also makes provisions for how the data is obtained as well as how it is held, processed and used.


Why should the act be followed?

Good information handling is a requirement of law, but it is also common sense: sending information to an individual when they do not want it is a waste of energy and resources. Shoddy handling of data results in a poor opinion being formed of the handling business and criminal handling (ie not in line with the DPA guidelines) can result in an individual seeking compensation against a business through the courts for any damage suffered as a result.


Failure to comply with the DPA can result in the Information Commissioner taking enforcement action against a business in order to bring them into compliance with the DPA principles.


What are the implications of the act for a business?

The main impact of the DPA is that every business must put into place, and assiduously follow, correct procedures in order to comply with the eight principles of the DPA.


Next in this topic:

Back to the Top

Quick Links

Find Funding

Ticket Terms
43 Kb
Ticket Terms

Sample terms and conditions for all types of businesses that sell tickets or provide events or function room hire.

Data Protection Act
54 Kb
Data Protection Act

Individual rights
obligations of data controllers

Your Business and Disability Discrimination
113 Kb
Your Business and Disability Discrimination

This factsheet introduces the Disability Discrimination Act and explains the implications for your business. It helps you understand how to successfully comply with the Act, where to get more information and sources of help.

Equipment hire terms
29 Kb
Equipment hire terms

Sample equipment hire terms and conditions for all types of businesses that hire out equipment.

Serviced Terms
34 Kb
Serviced Terms

Sample terms and conditions for all types of serviced accommodation.

Guest Registration Template
60 Kb
Guest Registration Template

A guest registration card template for you to download.

Self Catering Terms
37 Kb
Self Catering Terms

Sample self catering terms and conditions for all types of self catered accommodation.

Background Music and Music Events
58 Kb
Background Music and Music Events

This factsheet covers the licensing information you need to know to legally put on a music event. It covers Performing Rights Society Licences, Phonographic Performance Ltd Licenses, Temporary Events Notices, Premises Licenses and introduces the 2003 Licensing Act.

Licensing Act 2003
54 Kb
Licensing Act 2003

Preliminary points
Premises Licenses
Personal Licenses
Club Premises Certificates
Temporary Event Notices (TENs)

Click here to download Adobe Acrobat Reader

Rules, Regulations & Licenses

RSS News Feed Rules, Regulations & Licenses RSS News Feed

RSS News Feeds

Useful Website Links
Leave feedback
Found this useful? Forward this on.
Print this page