There is legislation requiring organisations to explain the purposes for which personal data is being processed. Companies also need to provide individuals with certain safeguards in respect of the processing of the information about them.
- Virtually every business needs to register with the Information Commissioner, as they handle personal information, such as names and addresses, about individuals.
- Businesses processing sensitive data must ensure there are adequate security measures in place to protect the data.
- Data must only be kept for as long as is necessary to fulfil the initial purpose for retaining it.
- Failure to observe the legal requirements could have serious repercussions. Fines of hundreds of thousands of pounds have been levied for breaching data protection law.
What kind of issues arise?
In order to put an appropriate policy in place, you will need to consider the following issues:
- Does your business process information to which the data protection requirements apply? The legal requirements vary depending on the type of information being processed.
- Where is the information processed? Simply using a particular hosting or cloud computing provider may put you in breach, for example by transferring data outside of the EU.
- For what purpose is the information processed? Do you intend to use the data for marketing purposes?
- For how long is the information stored?
- Is the information kept up to date?
Key areas of assistance we offer include:
- UK/EU notification and registration
- Data Protection audits
- Reviewing and assessing use of personal data in marketing
- Advice on sales and direct marketing and managing customer databases
- Compliance and provision of ‘best practice’ advice including data retention
- Ensuring your systems and processes meet relevant standards for sensitive personal data