Data Protection obligations

Recent research conducted for the Information Commissioner’s Office reveals that 78 percent of small businesses are “unaware that they are required to keep customer information accurate and up to date”.
Frankly, their …

By
14th October 2007 at 8:55 am

Recent research conducted for the Information Commissioner’s Office reveals that 78 percent of small businesses are “unaware that they are required to keep customer information accurate and up to date”.

Frankly, their ignorance is not surprising, when you consider how much documentation they have had to to plough through to understand what the Data Protection Act is all about. (Visit ico.gov.uk to see what I mean.)

Yet, as always, ignorance is no defence for non-compliance and, apart from exempt organisations, failure to register (cost £35) is a criminal offence which can result in a fine of up to £5,000.

Fortunately, the Commissioner’s Office has twigged that small businesses need help, so it has produced a brief guide to the subject for SMEs. Although helpful, it contains worrying caveats like, “This list does not include all the information that is covered by the Act. For a complete definition, please see our Legal Guidance document.”

This kind of thing, while backside-covering, does make life difficult for entrepreneurs who usually have other priorities for their time.

One thing that bugged me throughout the Guide, and the many Information Commissioner Office web pages that I visited, was the assumption that the reader is supposed to know what constitutes ‘personal information’.

The Guide itself only hints at the answer with, “Broadly … information that relates to living individuals which is held on computer. For example, this may include information such as name, address, date of birth … from which the individual can be identified.”

A more complete and helpful answer is in an eight-point questionnaire contained in a 22-page Acrobat document or as a web page.

At least if you start there, you’ll know whether the information you handle is subject to the Act and whether you even need to worry about all the other stuff.

#646464

David Tebbutt is an award-winning columnist and feature writer who specialises on the subject of using software and technology to increase business productivity. He's an analyst with Freeform Dynamics but, in previous lives, wrote for Director magazine, Real Business and was also editor of Personal Computer World. http://freeformdynamics.com

Commenting Is Easy

Do you agree with this blog post? Disagree? Have something to add that others might find helpful? Then please leave a comment in the box below.

If you'd like to have your image included next to your comments here, then you can set yourself up with an avatar in just a couple of clicks.

  1. I had a form in the post this morning for signing up to the Data Protection Act from a http://www.dparegistrations.org.uk which looked very official. It was when I saw that they wanted me to send £145(!) that I looked at their site and it looked so cheap that I googled their name straight away. The results that came back basically said not to send them any money.

  2. Thanks for warning our readers, Phil. Greatly appreciated.

    Scam artists have been leeching off decent business people for years. Here’s a list of the ones specialising in the Datra Protection Act in 2004.

    I’m sure there are plenty more now.

    You’ll be getting them for carbon trading soon, no doubt.

Leave a comment

Photostream

Listen to the sales podcast for SMEs Subscribe to the podcast on iTunes

PARTNER PROMOTIONS

If looking to boost your businesses performance with promotional marketing, travel incentives or incentive schemes get it touch with NDL Group