The Data Protection Act requires anyone who handles personal information to comply with a number of important principles. It also gives individuals rights over their personal information.
Any company dealing with personal details of clients should be registered. Many people think that it doesn’t apply to them, but if you keep paper or electronic records contianing any kind of personal details, you are required to be registered.
It is the Information Commissioners Office (ICO) which is responsible for the Data Protection Regulations
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.
Should an individual or organisation feel they’re being denied access to personal information they’re entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner’s Office for help. Complaints are usually dealt with informally, but if this isn’t possible, enforcement action can be taken.
http://www.ico.gov.uk/Home/for_organisations/data_protection_guide.aspx is the location for information on the Data Protection Act and http://www.ico.gov.uk/Home/what_we_cover/data_protection/notification.aspx gets you registered with them.
It should be noted that in order to use our Anti Money Laundering checks, you will need to be registered under the DPA, however if you are a business dealing with customers personal details or have members of staff anyway, you should already be registered.