Data Protection

If you store personal information on clients, employees or other individuals, you should comply with data protection best practice. We suggest that you review your policies, practices and procedures associated with this kind of data, regularly review whether it is necessary and appropriate to hold such data, and check how it is protected. You may also need to review the terms and conditions that apply to your website.

Data protection principles: good practice

  • Personal data should be processed fairly and lawfully and people whose data you hold should be notified of what is being done with their data
  • Personal data should be used only in accordance with the purposes for which it was collected
  • Personal data held should be adequate, relevant and not excessive (and not just ‘in case it might be useful’)
  • Personal data should be accurate and where necessary kept up to date, with individuals given the ability to update their data, or have it updated, including for marketing communications purposes
  • Personal data should be kept for no longer than is necessary. You should develop a retention policy for personal data and ensure it is enforced.
  • Personal data should be processed in accordance with the rights of data subjects. You should ensure that any requests from individuals for a copy of their data are responded to promptly and the data is provided in a timely manner.
  • Appropriate technical and organisational measures should be established to protect the data from intrusion, wrongful sharing and other types of compromise

Definitions

  • Personal data – information relating to a living individual.
  • Data subject – the person to whom the data relates.
  • Data subject access request – the right of an individual to request a copy of their data under a formal process and payment of a fee.
  • Data controller – an organisation or body which uses personal data.
  • Processing of personal data – storage, transfer, viewing, access, analysis of personal data.
  • Notification – a formal process of notifying relevant parties by an organisation of the use of personal data.
  • Sensitive personal data – data relating to religious or other beliefs, health, race, ethnicity, political views, trades union membership, criminal record.

Included

  • Digital or electronic data (including CCTV images).
  • Data in manual filing systems (paper-based systems), if it is considered to be a structured filing system. A relevant filing system is defined as “a manual file that is well indexed with marked tabs so a particular document within the file is very easy to find”.