Customers and data protection
September 2008
All businesses that hold the details of customers, potential customers, suppliers, staff or any other business contacts are required to comply with the Data Protection Act.
The Data Protection Act governs the use of personal information by businesses and other organisations. If you use personal information as part of your business, for example, because you hold customer details or details on employees, you will need to comply with it.
Personal information is information about a living individual who is identified or who is identifiable. It includes information such as a name and address, bank details, and opinions expressed about an individual.
If you are processing personal information covered by the Act, you must comply with the data protection principles. These require that personal information is:
- Processed fairly and lawfully
- Processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose
- Adequate, relevant and not excessive
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary for the purpose for which it is being used
- Processed in line with an individual's rights
- Kept secure with appropriate technical and organisational measures taken to protect the information
- Not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred
The Act applies to any records held electronically, for example on computer, or manually, such as in a paper file.
