• Why does it matter?
    Good management of this data is critical – no matter what the size of the business.

    Businesses are required under the DPA to clearly state what they are going to do with personal data – this includes what information is being collected, how it will be used and who it will be shared with. It is normally the easiest route for a business to have a ‘Privacy Notice’ that ensures compliance with the obligations under the DPA. This can then be given to clients and also displayed easily – such as on a website.

    Loss of personal data will result in reputational damage, but it can also really hit a business hard in the pocket. Information security breaches can result in large fines (potentially up to £500,000) and the business could face compensation claims directly from individuals.

    Businesses should have a data protection policy and procedure to ensure both personal data and the business are protected.

    If you have adequate data protection policies and procedures in place, these can often be used as mitigation if something does ever go wrong. A lack of policies and procedures within a business is often pointed to when fines are issued for breaches of the DPA. If policies and procedures are in place and a ‘Data Protection Officer’ is named to oversee them and act as the point of contact, then it can at least be argued any breach was accidental.

    What rights do individuals have to ask for information?
    The DPA sets out that individuals have the right to access personal data held by any organisation by making a subject access request (a ‘SAR’).

    If you receive a SAR – you must act quickly. Unless one of the exemptions from disclosure applies, the information requested must be supplied within a strict timeframe. All types of information can be requested and may need to be handed over – so, for example, you need to ensure staff realise this and that no embarrassing, unprofessional or rude emails are floating around.

    This content is correct at time of publication
