Citation
(2001), "The Data Protection Act 1998", Property Management, Vol. 19 No. 1. https://doi.org/10.1108/pm.2001.11319aab.011
Publisher
:Emerald Group Publishing Limited
Copyright © 2001, MCB UP Limited
The Data Protection Act 1998
The Data Protection Act 1998
The Data Protection Act 1998 came into force on 1 March 2000. It affects every business in the country, no matter what size, and places a number of new obligations on any business that holds or processes personal information on individuals, sole traders, partnerships, company directors or shareholders.
Yet research from Experian, the leading information solutions provider, shows that over 60 per cent of businesses are not even aware that there is a new Data Protection Act. Of those who are aware of the Act, two-thirds do not know how it affects them. Overall, almost 90 per cent of businesses feel they do not know how the new Act affects them and 97 per cent feel they need to know more about the Act.
To help businesses understand how the Act affects them, Experian has published a handy, practical guide which explains all the requirements and responsibilities placed on them by the new legislation. In a foreword to the guide, Elizabeth France, the Data Protection Commissioner, urges readers to study it carefully and seek advice where necessary.
Peter Brooker of Experian, who also warned that failure to comply with the new Act could result in an unlimited fme, explained:
It is vital that anyone in business who keeps personal records relating to individuals, including their customers, shareholders, directors and staff, knows exactly what their new responsibilities are.
The guide explains the major changes from the 1984 Act, what businesses need to do to comply with the Act and what they need to "notify" the Data Protection Commissioner. It also illustrates many key points with practical examples. The guide answers the key questions any business should be asking itself, including:
- •
What are personal records relating to customers/suppliers/staff etc?
- •
What are the new "Data Controllers" and "Data Processors" introduced by the Act and what are their responsibilities?
- •
What does "processing" mean?
- •
How does the Act affect trade and credit references?
- •
How does it affect trading premises that change hands?
- •
Whose consent do I need to collect or process personal information?
- •
How long do I have to comply?
- •
What rights do individuals have over my records?
- •
When is a company director not a director, but an individual?
- •
What do I need to do to comply with the Act?
- •
Will I still be able to share data about my customers?
Peter Brooker added:
The central principle of the 1998 Act is that every bit of personal information a business holds is the property of that individual. They have full rights over that data and can demand to see it at any time. They can also demand compensation if the records are incorrect or damaging – even if they haven't been passed to anyone else.
The Act has widened the definition of personal data so it now encompasses any information on sole traders, partnerships and small limited companies if that information allows anyone to identify an individual person.
It is of great concern to see the lack of awareness among organisations of all types and size of the new regulations despite the efforts of the Data Protection Commissioner's Office. The additional responsibilities that have been placed upon them to ensure that information held about individuals is collected, held and processed fairly and with the consent of those individuals, have not been adequately communicated. It is encouraging, however, to see that, according to our survey, two-thirds of organisations already claim to obtain consent of the individuals to collect data on them.
No business can afford to "wait and see". If you keep personal records of any sort – whether manually or on computer – you have to take action now. The legislation is complex so this handy guide provides many of the answers and gives practical advice on how to comply with the Act. As the Data Protection Registrar herself says in her guidance notes: "Where the rules are clear, there is no excuse for non-compliance and I shall be prepared to enforce rigorously."
The Experian Guide to the Data Protection Act 1998 is free and can be obtained by calling Experian Customer Services on 0115 992 2555 or e-mail: business.information@experian.com.