Complying with the UK Data Protection Act of 1998 |
 |
EXPERT RESPONSE FROM: Alan Calder
|
|
|
|
| > |
QUESTION POSED ON: 10 January 2008
What are the key things I have to do to comply with the Data Protection Act?
|
|
| > |
EXPERT RESPONSE
There are a number of basic requirements and some that are rather more demanding. As a minimum, every organization that is going to process personal data (and this means any data relating to a living human being, not to an organization) must register with the Information Commissioner (www.ico.gov.uk) and describe, in the registration, what the purpose of processing this data is. It must be a permitted purpose. Registration is annually renewable and, once registered, you must comply with the purposes for which you've registered. That's the easy bit. The more complex bit is, in essence, that you must comply with the eight principles of the Data Protection Act. The eight principles are that personal information must be:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Not transferred to other countries without adequate protection
The ICO has comprehensive information (http://www.ico.gov.uk/for_organisations.aspx) and the BSI Data Protection Guide provides comprehensive guidance.
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
