  • June 17, 2020

What are my obligations with regard to collecting data?

The Data Protection Act 1998 defines how information about living people may be legally processed and handled. Businesses are required to comply with eight data protection principles, and failure to do so may result in regulatory action by the Information Commissioner's Office (ICO). The fundamental principles of data protection enshrined in the Act provide that personal data must:
  • be processed fairly and lawfully;
  • be obtained only for lawful purposes and not processed in any manner incompatible with those purposes;
  • be adequate, relevant and not excessive;
  • be accurate and where necessary, kept up to date; 
  • not be retained for longer than necessary;
  • be processed in accordance with the rights and freedoms of data subjects under the Act; 
  • be protected against unauthorised or unlawful processing and against accidental loss, destruction or damage; and
  • not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory protects the rights and freedoms of data subjects. 

If these principles are complied with, personal data may be processed for core business purposes (i.e. staff administration/business marketing activities) without the need to notify the Information Commissioner. If data is processed for other purposes, the Information Commissioner must be notified.

Subject Access Requests

It should also be noted that individuals have a right under the Act to obtain a copy of the information held about them. This is not limited to employees. If a business receives such a ‘subject access request’, a response must be given promptly and no later than 40 days, and this covers all data, whether it is held electronically, in paper form or in any other form.

Review of Data Protection

SMEs should consider conducting a review of the personal data that they process. If sensitive personal data is processed, specialist advice may be needed, and extra care should be taken where sensitive personal data (including details about race, political opinion, religious belief, trade union affiliation, physical or mental health, sexual life and the alleged commission of any offence) is concerned, as the conditions for processing such data are much more stringent than those for general personal data.

The ICO has developed an online self-assessment tool which can be used by small and medium-sized organisations (SMEs) to assess their compliance with the Data Protection Act and improve data handling procedures. The tool provides a rating of compliance with the Act based on responses to a questionnaire and includes links to relevant guidance and information.

New EU General Data Protection Regulation (GDPR)

In light of the foregoing, several recent high-profile ICO decisions and a heightened awareness of data protection among the general public, all businesses, including SMEs, need to have a proper understanding of their obligations under the Data Protection Act when handling personal data.

Furthermore, with the forthcoming EU General Data Protection Regulation (GDPR) due to come into being in 2018, bringing an even more stringent data protection regime, increased financial penalties and a wider definition of ‘personal data’, the need for small businesses to tighten up their data protection procedures has never been greater.

The GDPR is expected to become law in 2018 and, whilst the UK may have voted to leave the EU, the Regulation will affect all UK businesses due to the expanded territorial reach provided for in it. The GDPR applies to data controllers and processors outside the EU whose processing activities relate to the offering of goods or services to, or the monitoring of the behaviour (within the EU) of, EU data subjects.

This means in practice that companies outside the EU targeting customers in the EU will be subject to the GDPR. As such, UK companies will be obliged to comply and, in any event, it appears that the UK will still be within the EU in 2018 when the Regulation is due to come into force. Therefore, legal services for businesses going forward must necessarily include compliance with current data protection principles and with the new GDPR by 2018, in order to minimise the risk of businesses finding themselves at odds with the new rules and open to hefty fines.

Submit an enquiry for further business legal advice or, for expert GDPR legal advice, call us today for a FREE LEGAL CONSULTATION on 0207 148 1066.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
