Data Protection tips for your business.
Data protection refers to the act of maintaining the documented privacy of any person or persons you work with and for. If your business stores and/or keeps on file any kind of record containing the personal and private information of a living person, then you fall under data protection legislation.
Having a business in the UK makes you subject to both the Data Protection Act 1998, which is the main piece of government legislation governing the protection of personal data in the UK, and the Data Protection Directive put forth by the European Union and updated earlier this year.
So how do you ensure that your business remains compliant and you don’t fall foul of painstaking governmental procedure? Here we outline the most significant tips to remember when aiming for compliance with data protection laws.
Obtain information lawfully – Information you gather about a person must be gathered with that person’s consent, and any further use of that information must likewise be consented to. If the data obtained is of the sensitive variety (data regarding race, creed, gender, sexuality, criminal offences, etc.), be sure that it is acquired only as and when absolutely necessary and that the subject is informed of its potential use.
Keep the information up to date – If information is out of date, no longer required or otherwise irrelevant, update it or delete it completely as and where required. Keep on top of this by regularly reviewing any acquired data. Any information whose accuracy is in doubt should therefore never be used.
Information disposal – Personal data should not be kept longer than is necessary, so once its purpose is fulfilled any stored information should be deleted accordingly. Disposal should be final: electronic information should be deleted, the computers it is stored on should be used only within the confines of your business, and physical information should be shredded rather than binned.
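The two tips above (regular review and timely disposal) are easier to keep on top of when the retention rules are written down and applied mechanically rather than remembered. The following is an added example, not part of the original article: a small Python retention check over a constructed register of personal records. The purposes, retention periods, record fields and dates are all assumptions made up for the illustration, not legal guidance; a real schedule must come from your own lawful basis for holding each category of data.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Hypothetical retention schedule: how many days a record may be kept
# after the purpose it was collected for has been fulfilled.
# (Constructed values for this example, not legal advice.)
RETENTION_DAYS: Dict[str, int] = {
    "payroll": 365,
    "recruitment": 180,
    "marketing": 90,
}

# A record not reviewed within this window is treated as unreliable and
# must not be used until someone has confirmed it is still accurate.
REVIEW_INTERVAL = timedelta(days=180)


@dataclass
class PersonalRecord:
    record_id: str
    subject: str                   # the data subject (a living person)
    purpose: str                   # why the data was collected
    collected_on: date
    last_reviewed: date
    purpose_fulfilled_on: Optional[date] = None  # None while still needed


def classify(record: PersonalRecord, today: date) -> str:
    """Return 'delete', 'review' or 'keep' for a single record."""
    if record.purpose not in RETENTION_DAYS:
        # No documented purpose means no documented retention rule:
        # a human has to decide, so flag it rather than guess.
        return "review"
    if record.purpose_fulfilled_on is not None:
        expiry = record.purpose_fulfilled_on + timedelta(
            days=RETENTION_DAYS[record.purpose])
        if today >= expiry:
            return "delete"        # purpose served and retention period over
    if today - record.last_reviewed > REVIEW_INTERVAL:
        return "review"            # may be out of date; do not rely on it
    return "keep"


def review_register(records: List[PersonalRecord],
                    today: date) -> Dict[str, List[str]]:
    """Group record ids by the action the retention rules call for."""
    plan: Dict[str, List[str]] = {"delete": [], "review": [], "keep": []}
    for rec in records:
        plan[classify(rec, today)].append(rec.record_id)
    return plan


def dispose(records: List[PersonalRecord],
            today: date) -> Tuple[List[PersonalRecord], List[str]]:
    """Drop expired records; return the survivors plus a disposal log.

    The log deliberately records the id and purpose only, never the
    subject's name, so the audit trail does not itself retain the
    personal data that was just deleted.
    """
    survivors: List[PersonalRecord] = []
    log: List[str] = []
    for rec in records:
        if classify(rec, today) == "delete":
            log.append(f"{today.isoformat()} deleted {rec.record_id} "
                       f"purpose={rec.purpose} "
                       f"fulfilled={rec.purpose_fulfilled_on}")
        else:
            survivors.append(rec)
    return survivors, log


# Constructed sample register and a fixed 'today' so the run is repeatable.
TODAY = date(2024, 6, 1)
SAMPLE_RECORDS = [
    PersonalRecord("R-001", "A. Example", "payroll",
                   date(2022, 3, 1), date(2023, 1, 15), date(2023, 1, 15)),
    PersonalRecord("R-002", "B. Example", "marketing",
                   date(2023, 9, 1), date(2023, 10, 1)),
    PersonalRecord("R-003", "C. Example", "marketing",
                   date(2024, 3, 1), date(2024, 4, 1)),
    PersonalRecord("R-004", "D. Example", "recruitment",
                   date(2024, 2, 1), date(2024, 5, 1), date(2024, 5, 1)),
    PersonalRecord("R-005", "E. Example", "legacy",
                   date(2019, 1, 1), date(2024, 5, 20)),
]

if __name__ == "__main__":
    for action, ids in review_register(SAMPLE_RECORDS, TODAY).items():
        print(f"{action:7s} {ids}")
    remaining, disposal_log = dispose(SAMPLE_RECORDS, TODAY)
    print(f"{len(remaining)} records remain; {len(disposal_log)} deleted")
    for line in disposal_log:
        print(line)
```

Running it against the constructed register puts R-001 (payroll, retention period long over) in the delete bucket, R-002 (not reviewed for eight months) and R-005 (purpose with no retention rule) in the review bucket, and leaves R-003 and R-004 to be kept. The point of the `dispose` log format is that disposal itself should not quietly create a new copy of the personal data.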
Ensure the rights of the individual are always met – As well as gaining consent for the acquisition and use of a person’s information, you should also be aware that they have the right to see and request this information as and when they desire. So be acutely aware of all the information, including that of the informal kind, that you are using and displaying on their behalf.
Keep all data secure – When storing any kind of personal information, whether electronic or physically filed, you must ensure that it is stored and locked securely. Electronic information should be secured by password protection and/or other computer-based methods, and physical files should be stored in lockable filing cabinets and rooms. When using the information openly, you should ensure that screens and paper can be seen and used only by whoever is using that information at a given time.
Transferring information – Any use beyond the walls of your business should, again, take place only with the consent of the subject. Even where an adequate level of protection can be ensured – as will often be the case between countries within the European Union – a person’s right to confidentiality should be met by seeking their consent to third-party use of their personal data. This consent should, in accordance with the Data Protection Act 1998, be in written form.
It is also worth bearing in mind that personal data must be kept away from anyone affiliated to a data subject; this includes parents, friends, guardians and/or any other person or persons with a personal relationship to the person whose data you are protecting. Nobody but the individual themselves has any right to that information.