If you hold and process information about your clients, employees or suppliers, you are legally obliged to protect that information. Under the Data Protection Act you must:

  • Only collect information that you need for a specific purpose
  • Keep it secure
  • Ensure it is relevant and up to date
  • Only hold as much as you need, and only for as long as you need it
  • Allow the subject of the information to see it on request

If you handle personal information you may need to register with the Information Commissioner’s Office (ICO) as a data controller. Notification is a statutory requirement and every organisation that processes personal information must notify the ICO unless they are exempt. Failure to notify is a criminal offence.

The ICO has an online Data Protection Self-Assessment Toolkit which provides a ‘health check’ of where organisations are currently in relation to the specific areas covered in the toolkit: records management, security and the handling of subject access requests.

For the new General Data Protection Regulation (GDPR), which is likely to come in 2018, the ICO has produced a Preparing for the GDPR – 12 Steps guide for organisations to assess current practice in specific areas, and what they should be considering over the next two years.

Organisations can also sign up to the ICO e-newsletter to stay up to date with new guidance as and when it is released.

More information

The Information Commissioner’s Office (ICO)

ICO Helpline: 0303 123 1113

You can also contact them by email or live chat online.

SCVO Datawareness Campaign – details of all SCVO work relating to Data Protection