Not only is compliance with the DPA a legal requirement, there are good business reasons for doing so – for example, using out of date or bad data could result in customer complaints. Also, using bad data costs money and time.
An unhappy client can make a complaint against your business if they believe you have not met the terms of the Act.
The Information Commissioner could take enforcement action against any company which does not comply and impose a financial penalty in some cases.
What do you need to do?
1) You need to ensure that you and your staff follow the 8 Data Protection Principles, as listed in our Introduction to the Data Protection Act.
2) You need to find out if you need to notify the Information Commissioner with details of any personal data your company holds.
To find out if you need to notify – visit the Information Commission site or call the helpline on 01625 545745. If you hold personal data purely for internal use, you may not have to notify, however if you transmit data electronically or hold customer information online (even for mailing lists), chances are you will need to do so.
There is a standard £35 annual administration fee for notification.
What if an individual asks for their information?
Individuals have a right under the Data Protection Act to request a copy of all information held about them on a computer system. (known as the right of subject access). You are required by law to deal with such requests within 40 days and may charge a fee of up to £10 for responding for the request for data.
Contacting the Information Commissioner
Helpline : 01625 545745
Notification Line : 01625 545740
Fax : 01625 524510
Email : firstname.lastname@example.org.
Address : Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF