... Are you Compliant?
If you are collecting customer or client data it’s really important you understand and are fully compliant with the Data Protection Act 1998. This means that personal information you hold must:
• be fairly and lawfully processed;
• be processed for limited purposes;
• be adequate, relevant and not excessive;
• be accurate and up to date;
• not be kept for longer than necessary;
• be processed in line with the data subjects’ rights;
• be secure; and
• not be transferred to other countries without adequate permission.
If you are not sure what you should be doing or just want to check the processes you have in place are keeping you compliant – then good news! The Information Commissioner’s Office (ICO) has just launched a new free online Data Protection Self-Assessment Toolkit available on the ICO website which you can use to check.
How does the Toolkit work?
The Toolkit can be completed as a single overall assessment covering the key obligations that you have in relation to processing customers’ or clients’ personal information. Alternatively, it can be broken down in separate categories allowing an organisation to tailor it to their specific needs. Upon completion a compliance rating is provided, alongside links to further ICO guidance for areas where compliance can be improved.
Which assessment should I take?
If you are new to data protection, or may be unfamiliar with your data protection obligations, choose ‘route A’ – the single overall assessment. This will provide a high level assessment of the main data protection considerations.
If you want to tailor the self-assessment to your organisation’s particular needs and risks you should choose ‘route B’. This will evaluate compliance in the following areas:
• Data Protection Assurance;
• Records Management;
• Information Security;
• Data Sharing and Subject Access; and
• Direct Marketing.
This is a great Toolkit to use as a starting point to assess compliance. It's important to remember that every organisation’s requirements will be different. Should you require any help in understanding your obligations and ensuring compliance following completion of the assessment, our highly experienced team at asb law is on hand to help.
Find out more about Data Protection and the Self Assessment toolkit here
Debbie Venn, Partner and Head of Technology, Media and Telecommunications for asb law is a specialist in intellectual property rights and licensing, information technology and e-commerce with particular expertise in the travel industry.