You might think this is something that only applies to financial organisations and large corporates - you would be wrong!
If you hold a customer list or database ( however simple) on a computer with names addresses and contact details - maybe even payment details - you would come within this legislation. Do not panic - a solution is at hand and its realitively inexpensive.
Anyone yet had involvement with the Information Commissioner? Or can share practical experience of data protection issues in their small business? There are issues with websites and privacy too that might apply to you.
If you are sent a list of names and addresses – this is personal data which is covered by the Data Protection Act - You should ensure that the person or organisation who sends you the list is (a) registered as a data controller with the ICO and (b) is entitled to send on this information to you. The consent of those in the list should have been obtained to send it out to others. Even if the provider of this list can show they comply with (a) and (b), you should still check the data against relevant preference services to ensure that the data subjects have not opted out of receiving telephone or written sales communications before you use the information on the list.
If you then input this information in to your own data base and add to it then you in turn could become the data controller and liable for any breaches of the DPA – you would need to be registered with the ICO and have your own policy on the use and retention of Data and comply with the 8 Data Protection Principles.
For more information on this subject, please contact dispute resolution specialist Heather Stanford or join the debate on in our eForum on Linkedin
Subscribe to the Nelsons Law RSS service and get all the news as it is added. Simply copy the address from the box below into your RSS reader software: