| |
About this document:
To administer your statutory obligations under the Data Protection Act 1998, you need two documents:
-
first, a privacy policy (not necessary for a land based business);
-
secondly, this data protection policy. This document is addressed to your employees, so that compliance really happens. Of course, some explanation and education is advised.
Who will use this document:
Any business or organisation saving data by electronic means; i.e., any business that uses a computer –these days, that’s every business.
Key features:
-
broadcasts your commitment to compliance with legal obligations of the UK Data Protection Act 1998;
-
spells out to staff, how you and they will use all data;
-
helps to protect you from claims that you have misused data;
-
provides you with an easy reference as to your ongoing obligations.
Why use this document:
-
to reassure your employees (and customers) that their data is safe in your control. The more data you collect, the more important is this assurance;
-
because you have a legal obligation to comply with data protection legislation. Here is a quotation from the web site of the Data Commissioner (Crown copyright acknowledged):
Compliance Advice
Small Business Information
As an owner or manager of a small business you may view Data Protection as just another legal requirement to be "dealt with" in the course of carrying out your business.
Unfortunately, the Act as it stands makes no particular allowance for the existence of "small businesses" and contains no special provisions for those who run them. Legally it requires you to comply with the Act in exactly the same way as if you were a large corporation. Under the Data Protection Act 1998 the size of your business is actually immaterial. What is important is the personal information you hold in relation to your business activities.
With the maximum penalty for failing to notify the Information Commissioner of your processing now at a level of a £5000 fine plus costs in the Sherriff’s Courts, or an unlimited fine in the Higher Courts, it is not a subject you can afford to disregard. However, what we do recognise is that those running small businesses work under a great deal of pressure, facing a great many time-consuming administrative demands.
It may be at present you consider the requirements of the Data Protection Act 1998 to be nothing more than a bureaucratic burden. What you will find however is that by following the good information-handling practices contained within the Act, you will be establishing a good set of operating practices which will be of considerable benefit to your business generally.
Note: you are not complying with the data protection legislation merely by having an appropriate privacy policy. Compliance relates to being registered, and how you store and use the data. Telling the World through a privacy policy is only one part.
This document includes provision for:
-
reminder to staff of contractual obligations;
-
identity and contact information;
-
domain name and email address;
-
financial information;
-
additional personal information ;
-
affiliates and other business partners;
-
personal information request.
|
