Resources - The Data Protection Act

Any company which stores or processes information about individuals needs to be aware of the Data Protection Act (DPA) 1998. The Act states that anyone processing personal information must register with the Information Commissioner's Office.

The Act defines eight principles which are designed to ensure that information is handled properly. These principals, which are legally enforceable, state the data must be:

  1. fairly and lawfully processed
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate
  5. not kept for longer than is necessary
  6. processed in line with your rights
  7. secure
  8. not transferred to countries without adequate protection.

There are limited exceptions to registering where the information stored can not be used to identify a single individual however, even if you believe your company to be exempt, you should check to make sure.

Further information can be found on the Data Protection section of the Information Commissioner's Office website.