The Data Protection Act
This governs how you as a business can use the personal information of your customers and / or employees. If you store people's personal details, such as customer or employee records, then the principles of the Data Protection Act apply to you and you must comply with them.
The eight principles of the Data Protection Act require that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
Complying with the Data Protection Act is generally a matter of common sense, but it is always worth looking at your procedures to check from time to time just in case you are inadvertently not complying with one or more of the principles.
Your responsibilities as a private business include:
- Notifying the Information Commissioner that you are processing information
- Processing personal information in accordance with the eight principles of the Act
- Answering subject access requests received from individuals
Privacy Policies
If you deal with people’s personal details (such as names, eMail addresses, addresses, phone numbers and so on) in any way, it is important for their peace of mind and for enhancing the profile of your business that policy statements for both data protection and privacy are included and are clearly signposted throughout your Website.
You need to have a Privacy Policy integrated into your Website that tells customers exactly how you protect and use their information.
Further information
To read about the implications of the Data Protection Act in detail, visit http://www.opsi.gov.uk/acts/acts1998/ukpga_19980029_en_1.