The Data Protection Act has an impact on every organisation that holds information on customers and contacts. The penalties for infringement are severe. Are you acting within the law?
What you need to know
The Data Protection Act 1998 came into effect on 1 March 2000 and makes no distinction in size of business. From the Information Commissioner's perspective, the nature of your business is equally unimportant. Regardless of the amount of personal data you hold you are required to notify the Information Commissioner of the type of information held and how it is processed.
There are eight key principles preserved within the act.
The data held must be:
obtained fairly and lawfully
held only for specific and lawful purposes and not processed in any manner incompatible with those purposes
relevant, adequate and not excessive for those purposes
accurate and where necessary kept up-to-date
not kept for longer than necessary
processed in accordance with the rights of data subjects under the Act
- on request, to be informed of all the information held about them by the data controller
- to prevent the processing of their data for the purposes of direct marketing
- to be compensated for damages caused by contravention of the Act
- to remove or correct information that is held about them
held securely to prevent the loss, destruction or unauthorised disclosure of information
retained within the EU area, unless adequate security precautions are taken in the destination country and the data subject has given their consent.
The Penalties
Failure to notify the Information Commissioner of the type of data held and the processing performed on it carries a maximum penalty of £5000 plus costs in the Magistrates' Courts and an unlimited fine in the Higher Courts.
Your next steps:
If you hold contact details of customers or prospects and use this information within your business, you must assign the responsibility of Data Controller to a relevant person within your business.
You must ‘notify’, i.e. register with the Information Commissioner (this can be done via the Information Commissioner's website or by phone). There is a small administrative charge for registration. You must keep the Information Commissioner informed of any changes to your registration.
You must ensure that the eight principles of the Act are adhered to throughout your company.
You must comply with any ‘subject access’ requests by individuals wishing to see what information you hold about them.
If you would like an independent review of your systems and processes, or advice on how to ensure your business complies with the Data Protection Act, please contact our office or email results@shapingbusiness.com.