Data Protection Act
Phase Two (24 October 2001 - 24 October 2007)
All manual data (including health records) gathered on or after 24 October 1998 will be subject to the Act.
Phase Three
After October 2007, the Act will be fully effective and all data, however stored, will have to comply with no exemptions.
Still procrastinating?
Despite lots of warnings in the press about the above deadlines, I suspect that many companies still haven’t appointed a ‘data controller’ and still haven’t put compliance measures in place.
If your current procedures fall short of the new rules, then you really do need to take immediate action. If, on the other hand, your company has taken all necessary measures and believes it is compliant, then make sure that you continually review your procedures.
Making the effort
In reality, I think it is probably virtually impossible to achieve full and continuous compliance but if you are able to demonstrate that you have put a strategy in place that aims to achieve compliance, then you greatly reduce the risk of being fined.
Like it or not, the new Data Protection Act affects you. While you can still go about your daily tasks, it would probably make sense for you to review your methods of collecting, storing and handling ‘personal data’.
For example, data subjects have a right to object to automated decision-making. Although the most common automated system is credit-checking, you would be wise to review your recruitment policies if they rely heavily on, say, psychometric analysis.
Similarly, if you operate CCTV make sure that anyone visiting your premises – for interview, for instance – is aware it is being used. A notice about its presence should be prominent on the property – failure to display one could be regarded as a breach of the data subject’s rights.
Six Point Check List
- Have you appointed a ‘data controller’ to take responsibility for overall compliance?
- Have you communicated the importance of the DPA and the legal duties it places on employers to all managers, pointing out that the DPA covers line managers’ data as well?
- Have you made staff with access to details covered by the Act aware of the criminal implications of recklessly disclosing personal data?
- Have you reviewed your information systems to check who holds what data, why they hold it, why the information is collected, how it is used and whether the content is processed in line with the eight principles?
- Is all manual and electronic data kept securely, confidentially and only accessible by relevant staff? Are passwords secure and secret, for example?
- Do you need to review your policy with regard to third party references?