• Technology
  • January 05, 2017

What are my obligations with regards to collecting data?

By Lawbite Team

Talk to a Lawyer Free Legal Help
article
Complete our  FREE GDPR Checklist today The Data Protection Act 1998 defines how information about living people may be legally processed and handled. Businesses are required to comply with eight data protection principles and failure to do so may result in regulatory action by the Information Commissioners Office (ICO). The fundamental principles of data protection enshrined in the Act provide that personal data must:     
  • be processed fairly and lawfully;
  • be obtained only for lawful purposes and not processed in any manner incompatible with those purposes;
  • be adequate, relevant and not excessive;
  • be accurate and where necessary, kept up to date; 
  • not be retained for longer than necessary;
  • be processed in accordance with the rights and freedoms of data subjects under the Act; 
  • be protected against unauthorised or unlawful processing and against accidental loss, destruction or damage; and
  • not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory protects the rights and freedoms of data subjects. 
  If these principles are complied with, personal data may be processed for core business purposes (i.e. staff administration/business marketing activities) without the need to notify the Information Commissioner. If data is processed for other purposes, the Information Commissioner must be notified.   Subject Access Requests It should also be noted that individuals have a right under the Act to obtain a copy of the information held about them. This is not limited to employees. If a business receives such a ‘subject access request’, a response must be given promptly and no later than 40 days and this covers all data, whether it is held electronically, in paper form or in any other form.   Review of Data Protection SMEs should consider conducting a review of the personal data that they process. If sensitive personal data is processed, specialist advice may be needed and extra care taken where sensitive personal data (including details about race, political opinion, religious belief, trade union affiliation, physical or mental health, sexual life and the alleged commission of any offence) is concerned as conditions for processing such data are much more stringent than in relation to general personal data.   The ICO has developed an online self-assessment tool which can be used by small and medium-sized organisations (SMEs) to assess their compliance with the Data Protection Act and improve data handling procedures. The tool provides a rating of compliance with the Act based on responses to a questionnaire and includes links to relevant guidance and information.   New EU General Data Protection Regulation (GDPR) In light of the foregoing and several recent high-profile ICO decisions and a heightened awareness of data protection by the general public, all businesses including SMEs need to have a proper understanding of their obligations under the Data Protection Act when handling personal data. Furthermore, with the forthcoming EU General Data Protection Regulation (GDPR), an even more stringent data protection regime, increased financial penalties and a wider definition of ‘personal data’, due to come into being in 2018, the need for small businesses to tighten up their data protection procedures has never been greater.   The GDPR is expected to become law in 2018 and whilst the UK may have voted to leave the EU, the regulation will affect all UK businesses due to the expanded territorial reach provided for in the Regulation. The GDPR applies to data controllers and processors outside the EU whose processing activities relate to the offering of goods or services to, or the monitoring the behaviour (within the EU) of, EU data subjects.   This means in practice that companies outside the EU targeting customers in the EU will be subject to the GDPR. As such, UK companies will be obliged to comply and in any event, it appears that the UK will still be within the EU in 2018 when the Regulation is due to come into force. Therefore, legal services for businesses going forward must necessarily include compliance with current data protection principles and with the new GDPR by 2018, in order to minimise the risk of finding themselves at odds with the new rules and open to hefty fines. Submit an enquiry for further business legal advice or for expert GDPR legal advice, call us today for FREE LEGAL CONSULTATION on 0207 148 1066.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.



Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • October 13, 2021
Three Tips For Managing Boardroom Conflict

Disagreements are a normal part of business life. In fact, often it is the differences of opinion that can result in everyone looking at a particul...


Startups
blog image
  • By Lawbite Team
  • October 13, 2021
How to structure a family business

Family businesses have been the mainstay of the UK economy for centuries. However, given the emotional relationships involved, clearly setting out ...


Startups
blog image
  • By Lawbite Team
  • October 13, 2021
How To Appoint A New Company Director

Appointing a new company director is more complex when compared with onboarding an employee. There are several steps you need to take to ensure com...


Startups

LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan