Data Protection Act

The Information Commissioners Office (ICO) has responsibilities set out in the Data Protection Act 1998.  The Act covers those processing personal information with provisions to ensure personal information:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate and up to date;
  • not kept for longer than is necessary;
  • processed in line with your rights;
  • secure; and
  • not transferred to other countries without adequate protection.

Registration is compulsory for organisations inc sole traders, households with cctv, charities if processing personal information.  There are few exemptions, eg a not-for-profit members organisation using information for member support (core business).

Take the self-assessment here to see if you must register

and here for small business Data Protection Self Assessment Toolkit