Are You Data Friendly?

Many businesses regard the Data Protection Act 1998 as something that merely requires a lot of form filling and the payment of fees, but there is a lot more to it than that.

The purpose of the Act is to protect a person's right to privacy with regard to the processing of their personal information. Individuals (‘data subjects’ in the terminology) have the right of access to information held about them. For example, a customer of your business has the right to contact you to request a copy of any data you hold on them so that they can check it. This is called a 'subject access request' (SAR). You are required by law to supply the information requested (once you have checked that they are who they say they are, of course). The individual making the request has the right to see data held in any form, not just that held on computer, so storing information in paper form does not avoid the responsibility.

If you receive a SAR, you are required to supply not only all the information you hold on the data subject but also a description of why the information is processed, details of anyone it may be passed to or seen by, and the logic involved in any automated decisions. If you unjustifiably fail to comply with a SAR, the courts may impose a fine of up to £5,000. Any person who believes they have suffered damage and/or distress as a result of a contravention of the Act may seek compensation by applying to the High Court.

In the case of a failure to comply with a subject access request the Court may award compensation for distress alone.

The interpretation of the Court of Appeal is that ‘personal data’ has been defined in such a way that employees are only entitled to see information which is biographical ‘in a significant sense’ and which has the data subject as its focus. The mere mention of a person’s name does not entitle them to see the documents concerned.

View the eight data protection principles.

Related Articles

Registering a Trade Mark
-
Your business has its own unique brand and reputation and it is vital in a competitive marketplace to ensure that these are protected from unscrupulous third parties. Some business owners do not believe there is any point in registering their trading or...
Read More
Dealing With Breach of Patent
-
When you discover that a business has breached your patent, what should you do? The answer to this question has two elements. The first is based on what you can do in law and the second is based on business strategy. Firstly, before picking a fight with...
Read More
Patent Searches Improved
-
Checking for existing patents in force is easy (and free) if you use the UK Intellectual Property Office's (UKIPO) patent databases which are accessible online. The new databases replace the Patents Journal and are designed to make obtaining information...
Read More
Data Loss - What to Do
-
The Information Commissioner's Office (ICO) has issued guidance for organisations that lose personal data, having reported that it has been notified of nearly 100 such incidents to date. One of the less intuitively obvious suggestions is to think...
Read More
Dealing With Subject Access Requests
-
The Data Protection Act 1998 gives individuals the right to access information held about them by organisations. The Act governs how organisations can use the personal information they hold – including how they acquire, store, share or dispose of it....
Read More
Is Your Website Disability-Friendly?
-
The British Standards Institution has published guidance on making sure that your website is disability-friendly. Legislation commencing with the Disability Discrimination Act   (DDA) made it unlawful for a service provider to discriminate against a...
Read More
Intellectual Property: Who Owns It?
-
One of the biggest sources of disputes in industries based on innovation is a difference of opinion about who owns the intellectual property (IP) created in terms of designs, software, processes and systems. This is a general guide for businesses to the...
Read More
The Eight Data Protection Principles
-
Anyone processing personal data must comply with the eight enforceable principles of good practice. Here is a checklist. Data must be: fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; ...
Read More
Freedom of Information - What it Means in Practice
-
The Freedom of Information Act (FOIA) 2000 came fully into force on 1 January 2005 and it has serious implications for businesses doing business with the public sector. The reason for this is that because one of the aims of the Act is to engender greater...
Read More
E-Commerce Law - Do You Comply?
-
The Electronic Commerce (EC Directive) Regulations introduced specific legislation to underpin e-commerce. If your business has an Internet presence then you need to make sure that you are not falling foul of these new rules. The Regulations do not just...
Read More
Protecting Your Design Rights
-
Protecting intellectual property has always been a complex area of law, but in one specific area things may be getting clearer. The Registered Designs Regulations 2001 include several protections for inventors of designs. If you have a new design which is...
Read More
Direct Marketing Via E-mail - Regulations
-
UK law relating to the sending of unsolicited direct marketing material by electronic means are based on the EC Directive on Privacy and Electronic Communications . A major aim of the Directive was to cut down on the amount of ‘spam’ that...
Read More
Patents Made Simple
-
In response to representations regarding the cost of obtaining intellectual property protection in the UK, the Intellectual Property Office has introduced a new online patent system called Ipsum . Ipsum will allow businesses to: view patent status ...
Read More
Are You Data Friendly?
-
Many businesses regard the Data Protection Act 1998 as something that merely requires a lot of form filling and the payment of fees, but there is a lot more to it than that. The purpose of the Act is to protect a person's right to privacy with regard to...
Read More
What to do When Your IT Doesn't Work
-
These days it is increasingly the case that when your IT doesn't work, neither does your business. Clearly, the best way to deal with IT problems is prevention, which means doing regular backups, proper systems maintenance, keeping anti-virus protection up...
Read More
The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.
Print pagePrintable Version