

Nov 7, 2011

What you need to know about data protection law


Your business data is one of the most valuable assets your business owns, but with it comes great responsibility. If you collect data on clients, employees or suppliers – whether it's on paper, in databases or online – the Data Protection Act 1998 applies to you. This article explains the basics of the act and your obligations.

 

Category: General

 

Personal privacy is important to us all, yet we entrust our data, including name, address, date of birth and bank details, to numerous organisations on a daily basis. With fraud and identity theft on the increase, keeping your data – and that of your customers, employees and suppliers – secure has never been more important.
The Data Protection Act provides a legal framework to which anyone who collects data (known as a ‘data controller’) needs to adhere.
Any information that is held must be handled appropriately. The Information Commissioner's Office (ICO) has set out eight guiding principles that businesses must follow.

Data must be:

  • Fairly and lawfully processed
  • Processed for specific purposes
  • Adequate, relevant and not excessive
  • Accurate and kept up to date
  • Not kept for longer than is necessary
  • Processed in line with an individual's rights
  • Kept secure
  • Not transferred to other countries outside the European Economic Area.

The Data Protection Act also allows individuals to know what information is being held about them. They can do this by making a ‘subject access request’.

If someone feels that their data is not being managed according to these principles then they can contact the ICO, which may result in your business being investigated and fines being levied.

Last year the ICO was given the power to fine businesses up to £500,000 for breaches of the Data Protection Act.

Do I need to register with the ICO?

The Data Protection Act requires every data controller processing personal data to notify the ICO. Failure to notify is a criminal offence.
Notification is an annual occurrence and costs £35 per year.

Who is exempt?

Your business may be exempt if you only process personal data for core business purposes such as your own marketing and PR, payroll, or invoicing.
Follow the ICO's self-assessment guide to find out if your business needs to register, or call their helpline on 01625 545745. They also provide a checklist for small businesses.

What should I do if someone makes a request?

Individuals have a right to see the personal data that an organisation holds on them, and the right to have it corrected if it is wrong.

As a data controller, you may be sent a ‘subject access request’, which is a request to show an individual what personal data you hold on them. If you receive such a request, you must:

  • respond to it within 40 days
  • provide a copy and a description of the data you hold on them
  • advise who the source of the data was
  • give information on how the data is processed
  • give information on which other people or organisations it may have been disclosed to.

You can charge a fee of up to £10 to cover the cost of handling a request.

Who is responsible?

It is not only you, the business owner or manager, who needs to know about your data protection responsibilities. You should make sure that any staff you employ are also aware. Some 80% of security incidents involve staff, so there is a clear need for all workers to have a basic understanding of the Data Protection Act. Find more information on training staff from the ICO.

Benefits to your business

Although there is a legal obligation on your small business to comply with the Data Protection Act, there are also benefits to your business:
  • By keeping your data up to date, you will only send marketing emails and direct marketing campaigns to the most relevant customers and prospects, which will save you time and money.
  • By protecting the information you hold about others, you will not only earn a reputation as a trustworthy business, but you'll also prevent a potentially time-consuming and costly investigation and other legal consequences should your data fall into the wrong hands.

If you are in doubt, you should seek advice from the Information Commissioner's Office, or from an independent legal professional.