Any company or professional that needs to store personal data from clients in order to perform business activities is classified as a “data controller” and must therefore comply with the Data Protection Act 1988. This is the case for most companies in the UK that process customer data.
The Act consists of 8 principles. According to the Data Protection Act 1988, data must be:
- Fairly and lawfully processed – you must gain permission from the individual you are taking the data from, and be honest.
- Processed for limited purposes – the collected information must be held and used for appropriate purposes. Only use the data for the reasons you’ve promised.
- Adequate, relevant and not excessive – All data requested must be necessary to complete the task – nothing outside of the concern of the business. No irrelevant data.
- Accurate and up to date – out of date information could result in error.
- Not kept for longer than necessary – securely destroy any information that is no longer needed to avoid leakage.
- Processed in accordance with the data subject’s rights – these rights include the right to access a copy of their information, a right to object to the processing of their data, a right to prevent processing for direct marketing, a right to have inaccurate data rectified and a claim to compensation for damage caused by a breach of the act.
- Secure – If a company is holding data on behalf of a third party, it is their duty to ensure it is kept secure.
- Not transferred to countries without adequate protection – Data relating to third parties must not be stored overseas unless adequate safe harbouring laws are met.