Marc Dautlich, solicitor at law firm Olswang, says companies needn’t panic, as the Act is relatively easy to comply with. ‘To be honest, 75 per cent of it is just common sense; all it demands is a little bit of attention,’ he says. ‘Look at your processes in using personal information and appoint someone to oversee your data protection policy.’
‘The obvious concern for large and small organisations is data security, which is really easy to protect,’ says Dautlich. ‘If you have any personal information about employees or customers on a computer, make sure you encrypt it in case that information gets lost.’
Access request
Customers have the right to request a copy of the information you are holding about them, which must be sent within 40 calendar days. Breda Corish, head of market development (materials & healthcare, ICT & electronics) at business services organisation the British Standards Institution, says this is the main reason for companies breaching the Act: ‘If a business has no-one to deal with such queries, they may be scrabbling around to find the relevant information and miss the deadline. Just by having a policy in place to deal with such requests, the ICO will look more favourably on your case should you be investigated.’
Up-to-date info
For Michael Evans, solicitor at Davenport Lyons, one of the keys to not falling foul of the Act is to correct errors on your information database promptly. ‘For example, if you have been informed that you are sending material to someone who has died, correct your database immediately. If you don’t and someone complains because they are continuing to receive correspondence and you have caused them distress, this could be viewed as a breach of the Act.’
Inform the ICO
Organisations are obliged to notify the Commissioner of the data they process unless it is for core business purposes, in which case they may be exempt. ‘There is a small but growing number of businesses that are being prosecuted for this, but forms are easy to obtain and complete from the ICO online,’ says Dautlich.
Get permission
You must not send your customers unsolicited marketing information. If you have a website, put a box on the site asking for their permission for you to send them future correspondence. You should also ask your customers the same question if you are speaking to them over the phone or face-to-face.
There are also obvious business reasons for complying with the Act. Even if a customer doesn’t make a formal complaint, you may risk losing their business by mishandling their data. According to Corish, compliance can have the hidden benefit of enhancing marketing strategy: ‘By building up a bank of quality information you should be able to more appropriately target your customers.’