Why is it essential for your organisation to comply with the Data Protection Act?
The Data Protection Act (“DPA”) lays down eight data protection principles that any organisation processing information about individuals must comply with.
What does the DPA cover?
The DPA came into force on 1 March 2000. The DPA implemented the European Union (“EU”) Directive on data protection into UK law, introducing radical changes to the way in which personal information about identifiable living individuals can be used. The constant need for businesses to process personal data means that the DPA affects most organisations, irrespective of size. Additionally, the public’s increasing awareness of their right to privacy means that data protection will remain an important issue.
The DPA makes a distinction between personal data and sensitive personal data. Personal data includes personal information relating to employees, customers, business contacts and suppliers. Sensitive data covers an individual’s ethnic origin, medical conditions, sexual orientation and eligibility to work in the UK. The data protection principles set out the standards which an organisation must meet when processing personal data. These principles apply to the processing of all personal data, irrespective of whether the data are processed automatically or stored in structured manual files.
What is data?
Data means information which is processed by computer or other automatic equipment, such as word processors, databases and spreadsheet files; information which is recorded on paper with the intention of being processed later by computer; or information which is recorded as part of a manual filing system, where the files are structured according to the names of individuals or other characteristics, such as payroll number, and where the files have sufficient internal structure so that specific information about a particular individual can be found easily.
What are the eight data protection principles?
The eight data protection principles are as follows:
Personal data must be processed fairly and lawfully
Personal data must be obtained only for specified and lawful purposes and must not be processed further in any manner incompatible with those purposes
Personal data must be adequate, relevant and not excessive in relation to the purposes for which they were collected
Personal data must be accurate and, where necessary, kept up to date
Personal data must not be kept longer than is necessary for the purposes for which they were collected
Personal data must be processed in accordance with the rights of data subjects
Personal data must be kept secure against unauthorised or unlawful processing and against accidental loss, destruction or damage
Personal data must not be transferred to countries outside the European Economic Area unless the country of destination provides an adequate level of data protection for those data.
What information comprises personal data?
Personal data relates to data about living individuals who can be identified from those data, or from those data and other information which is in the possession of the data controller or which is likely to come into its possession, for example, names, addresses and home telephone numbers of employees.
What information comprises sensitive data?
Sensitive personal data (“sensitive data”) consist of information relating to a data subject’s (individual’s):
racial or ethnic origin
religious beliefs or other similar beliefs
trade union membership
physical or mental health or condition
commission or alleged commission of any offences
convictions or criminal proceedings involving the data subject.
What is the meaning of processing under the DPA?
The definition of ‘processing’ is very broad. It covers any operation carried out on the data and includes obtaining or recording data, the retrieval, consultation or use of data, and the disclosure or otherwise making available of data.
Who is a data controller?
A ‘data controller’ is any person who (alone or jointly with others) decides the purposes for which, and the manner in which, the personal data are processed. The data controller will therefore be the legal entity which exercises ultimate control over the personal data. Individual managers or employees are not data controllers.
The data controller is responsible for:
Personal data about identifiable living individuals
Deciding how and why personal data are processed
Information handling – complying with the eight data protection principles
Obtaining data subjects’ consent for processing sensitive data
Current procedures for handling sensitive or personal data
Security measures to safeguard personal data
Who is a data processor?
A ‘data processor’ is a person or organisation who processes the data on behalf of the data controller, but who is not an employee of the data controller.
Who is a data subject?
A ‘data subject’ is any living individual who is the subject of personal data. There are no age restrictions on who qualifies as a data subject, but the definition does not extend to individuals who are deceased.
Are we required to notify? What does notification mean?
An organisation must not process any personal data unless it has first notified the Information Commissioner of certain particulars, including:
the organisation’s name and address
the purposes for which the data are to be processed
any proposed recipients of the data
countries outside the European Economic Area to which the data may be disclosed.