Data Protection Act
Good news - you get time and money
Don’t panic, it’s not all bad news. If someone wants to access their records, they must give you written notice, after which you have 40 days to comply with their request. You can charge them up to £10 for providing the information.
Consent, reason, intent
A good rule of thumb to help ensure you and your colleagues are complying is to make certain that:
- you have the necessary consent from the data subject (consent can usually be implied if the subject is an existing or prospective employee who hasn’t registered an objection to their data being used)
- you have a sound reason for obtaining the information you hold on them. In other words you can prove that you have a contractual obligation to process it; that you have a legal responsibility or public duty to do so; or other legitimate purpose that doesn’t prejudice the rights of the data subject
- you are sufficiently well-organized to provide a copy of someone’s records should they request them and it is your declared intent to do so.
What you MUST do – if you haven’t already done it
Believe it or not, the first thing you will need to do is ensure that your company is registered on the Register of Data Controllers, which is maintained by the Office of Information Commissioner. It is now deemed a criminal offence for you to process personal data without a register entry, which is renewable annually at a cost of £35 per year. The register is publicly available at www.dpr.gov.uk/search.html
If you haven’t already registered, do it now, today. While certain types of business are exempt from having to register (certain non-profit-making organisations, for instance), this doesn’t mean that such organisations are exempt from having to comply with the Act.
To make life easier for companies to restructure the way they use data, the implementation of the Act has been divided into a series of three phases.
Phase One (1 March 2000 - 23 October 2001)
During this period your company should have elected and trained a ‘data controller’ to ensure that your procedures and systems comply with the eight principles of the new Act listed above.
Although all data processed before 24 October 1998 escapes the clutches of the new Act, your ‘data controller’ should have ensured that all computerised data gathered after that complies with the new Act, as opposed to the previous 1984 Act.



