Data protection applies to all
Published: 10 April, 2013
Google has been in the news over data protection issues but it serves as a timely reminder to all businesses – including small companies – to comply with the law, Lester Aldridge’s David Ashplant has said.
“Every business needs to comply,” Mr Ashplant stated. “Before obtaining or using personal data – basically data that enables someone to be identified – a business must notify the Information Commissioner (IC) of the data the business will be processing and the purposes it will be used for and that notification needs to be kept up to date. Failure to notify is a criminal offence.”
The IC can issue enforcement notices for breach of the law and, for a serious contravention, impose a fine of up to half a million pounds.
Businesses must comply with the data protection principles which include not misleading customers about what their data will be used for. Many companies use privacy policies on their websites and opt in or opt out checkboxes to help ensure they comply with the law.
Data should not be kept longer than necessary and not be transferred outside the European Economic Area except in certain circumstances.