Data Protection Act and thoughts on protecting your data.

As we provide integrated CCTV and Customer membership systems, we thought it might be helpful to have some notes on the Data Protection Act.

The first question everyone has is “Do I need to register?”

Start off by seeking advice from the Information Commissioner’s Office, previously known as the Data Protection Agency. They can offer help and advice on whether you are required to register. A small annual fee is payable to them on registration.

Click here for an online self-assessment

Information Commissioner’s Office
Phone: (01625) 545 745
Web: http://www.informationcommissioner.gov.uk

What is the Data Protection Act?
The Data Protection Act 1998 gives an individual the right of access to their ‘personal data’. This personal data is any information held by your company that relates to an individual. Data is often collected when an individual completes the purchase of a good or service from a company.

What are the key principles of the Data Protection Act?
The Data Protection Act mainly consists of eight key principles that must be followed.

Principle 1 – Information must be processed fairly and lawfully.
Or, put another way: You must gain permission to use any collected data and let the individuals know exactly what it will be used for.


Principle 2 – Information collected must be processed for limited purposes.
Or: Only use the data that you have collected for the reasons you promised when you collected that data.


Principle 3 – Information collected must be adequate, relevant and not excessive.
Or: Collect only data that you need to know and not additional data that may be useful to you in the future.


Principle 4 – Information collected must be accurate and up to date.
Or: Make sure your data is correct and if in doubt check with the individual.


Principle 5 – Information must not be held for longer than is necessary.
Or: Only keep hold of old data and files if they are required by law or will be needed.


Principle 6 – Information must be processed in accordance with the individual’s rights:

  • A right of access to a copy of their information which is held;
  • A right to object to processing their data;
  • A right to prevent processing for direct marketing;
  • A right to have inaccurate personal data rectified, blocked, erased, or destroyed;
  • A claim to compensation for damage caused by a breach of the Act.

So: Give the individual access. It is their data you’re holding, not yours.


Principle 7 – Information must be kept secure.
So: Ensure that measures exist to keep the personal data you are responsible for out of the wrong hands.


Principle 8 – Information should not be transferred outside the European Economic Area unless adequate levels of protection exist.
So: Keep your customers informed. For example, we make sure all our servers are physically located in the United Kingdom.