It’s been around since 1998, and all UK businesses should have been fully compliant since October 2001. So just what is the Data Protection Act and how does it affect Welsh businesses? Does it apply if you’re only a very small business? What measures do you need to take in order to protect personal data?
The Data Protection Act 1998 is based on an EU directive requiring member states to protect the rights of people to “privacy with respect to the processing of personal data”. It essentially governs the appropriate use of personal data by any organisation holding it. Overseen by the Information Commissioner’s Office (ICO), contravention of the Act by any organisation could mean:
Any personal information that can be used to identify the individuals concerned is covered by the Act. This applies to all Welsh businesses dealing with individuals, be they members of the public, employees of business partners/suppliers or even their own internal staff.
Beware of becoming a criminal yourself
All organisations have a responsibility to adhere to the Data Protection Act, which typically involves having 100% control and security over IT systems and databases. Should they fail to do so, they could be committing or facilitating an e-crime.
Holding personal information carries a series of legal responsibilities under the terms of the Act.
Many organisations have broken the Data Protection Act and suffered the consequences, both in terms of fines and sanctions but also the more damaging issue of a tarnished reputation. The law exists to protect consumers, so companies that break it are justifiably held in poorer regard.
Stay secure to stay legal
As well as having appropriate policies in place to remain in accordance with the Act, one of the most important actions Welsh businesses can take is to ensure any personal data held remains secure. Failing to respect the privacy of personal data strikes at the heart of what the Data Protection Act was designed to accomplish, and leaves an open door for e-criminals to walk through.