If your business holds personal information about individuals, the Data Protection Act 1998 requires you to comply with rules on data protection. In particular you must:
The law also affects how you use personal data for direct-marketing purposes.
You are subject to these regulations if your website collects information on a visitor that allows them to be personally identified, for example by completing an enquiry form or by asking them to register.
Your site must inform people about what you're doing and why you need the information. The simplest way to do this is to display a privacy policy on the website, preferably accessible from the front page. At the very least, you should include your name and address.
The Data Protection Act 1998 requires you to notify the Information Commissioner of the data you're collecting unless you are exempt. Exemptions are possible if you only process personal data for:
Failure to notify is a criminal offence, but don’t be misled by bogus agencies and callers offering to register you for £95.00 plus VAT. The statutory annual notification fee is £35.00, not subject to VAT.
You must comply with the Provisions of the 1998 Act even if you are exempt from notification.
There are eight Data Protection Principles. In summary they require that data shall be:
Further information about compliance with the Data Protection Act 1998 can be obtained from the Information Commissioner’s Office.
Articles in this knowledge base are provided in good faith, but no responsibility can be accepted for the information provided. The material is copyright.
© 2004 to 2006 John Pye Consulting Ltd.
Providing affordable and accessible web site design, web site audit, Internet consultancy and internet marketing advice for small businesses in Stamford. Oakham, Uppingham, Peterborough and the surrounding districts in East Anglia, Lincolnshire, Rutland, Cambridgeshire, Northamptonshire, Leicestershire, Nottinghamshire and East Midlands.