General Business Advice

Data Protection

The collection, use and storage of personal information is mainly governed by the Data Protection Act 1998. Any personal information collected and stored by a company from which an individual can be identified, will be covered. The information does not have to be confidential, even a list of names stored on a computer would be deemed to be relevant information.

Any company or organisation (and there are very few who would be exempt) holding or processing personal data must notify the Information Commissioners Office. Failure to do so is a criminal offence. If you process personal data only in relation to staff administration, advertising, marketing and PR and accounting; you are a not-for-profit organisation; you do not process personal information on a computer or use it only for domestic purposes, you may be exempt.

Very basically, you are required to 'safeguard' any personal data that you hold and process and should a breach occur, you need to act swiftly and effectively to deal with that breach. For further information, why not check the ICO's guidance.

For information about how to avoid falling foul of the DPA in commercial situations including in relation to employees, please contact our Commercial or Employment Team.