Is your Customer Database a Ticking Time Bomb? Data Protection: A Rough Guide to Compliance

Organisations

All organisations must make sure they comply with the Data Protection Act and therefore a number of legal responsibilities:

• To notify the Information Commissioner if you are processing personal information, unless you are an organisation who has personal information only for :

• staff administration (including payroll)
• advertising, marketing and public relations for your own business
• accounts and records (some non-profit organisations)

• To process the personal information in accordance with the Eight Principles of the Act (see below).
• To answer subject access requests received from individuals.

Organisations and Individuals

Anyone who processes personal information must comply with the Eight Principles of the Act. These make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and non-excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

The Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

We provide a professional fixed-fee service to help ensure that your business is compliant with this important legislation. For guidance and a quotation, please contact Fiona Rodgers on +44 (0)20 7749 2700 or fcr@silvermansherliker.co.uk.