By Liam - Wednesday, June 13th, 2007
From time to time we get asked questions about the Data Protection Act 1998. One requirement of the Act, is that all Data Controllers (people who process personal data, which includes most if not all businesses as well as clubs, societies, local authorities etc.) must register with the Information Commissioner. Full details are available here and it costs £35.00.
I have known people to receive threatening looking notices from scammers that purport to be an official body and threatening tough enforcement action and fines if the recipient doesn’t register under the Act using their service (usually at a cost of 3 or 4 times the Information Commissioner’s fee). The legal requirement is to fill in a simple form and send it with £35 to the Information Commissioner.
Posted in Data Protection | No comments »
Similar Posts:
By Liam - Monday, April 30th, 2007
Under the Data Protection Act 1998 (DPA) there is a transitional period for manual (i.e. non computerised) data. The exemption exempts data from:
- the Frist Principle except Part II, Schedule I, paragraphs 2 and 3 of the fair processing requirements of the Act (3.1.7.1)
- the Second Principle (3.2 - processing for specified and lawful purposes)
- the Third Principle (3.3 - processing not to be excessive),
- the Fourth Principle 3.4 - data to be up to date and accurate)
- the Fifth Principle (3.5 - data not to be kept for excessive time)
- section 14 subsections (1) to (3) (court orders to deal with inaccurate data)
(the references in brackets are to paragraphs in the ICO guide)
This exemption ends on 23 October 2007. Until that date, manual data that was in manual system before 24 October 1998 is exempt from the above provisions of the DPA. Data added on or after 24 October 1998 is not (and never has been) exempt, and neither is data where the way in which the data is processed has changed since October 1998.
What does this mean? We recommend that you firstly identify what data you hold that is subject to the DPA. Once you have done this, check whether you can comply with all aspects of the DPA (in particular the 8 principles) and within the necessary time limits (e.g. 40 days for Subject Access Requests). If you can comply with the 8 principles using manual filing systems, we cannot see a problem with this. However, very large manual systems may have problems complying with certain provisions such as time limits or security requirements.
Posted in Data Protection | No comments »
Similar Posts:
