Comply with data protection legislation
The Data Protection Act
The Data Protection Act 1998 regulates the processing of personal information by data controllers.
Personal information for the purposes of the Act is data about living people who can be identified from that information. Personal information covers information such as customer records and records on staff. The Act applies to information you hold on a computer as well as to some paper-based records. It also applies to some CCTV systems.
Under the Act, a person who determines the purposes for which and the manner in which personal information is to be processed is the data controller. In a business (that is not a sole trader or a partnership) the data controller is the organisation itself. An organisation acting on behalf of the data controller is called a data processor.
Before you consider processing any personal information, you need to find out how the Act may apply. You must meet a condition from Schedule 2 of the Act in order to process personal information, and ensure that the processing of that information is in compliance with the eight data protection principles.
Sensitive personal information, such as medical records and information on religious beliefs, is also subject to the Act. You must meet at least one of the conditions in Schedule 3 of the Act before you can process sensitive personal information, in addition to a condition from Schedule 2 of the Act. You will again have to ensure that the processing is in compliance with the eight data protection principles. Download compliance advice for small businesses from the Information Commissioner website (PDF).
If your business processes personal information you may need to notify the Information Commissioner of the purposes for which you process personal data. See the page in this guide on notifying the Information Commissioner.
There are some exemptions available from notification. See the page in this guide on exemptions from notifying the Information Commissioner.
The Information Commissioner is responsible for overseeing compliance with the Act. The Commissioner can:
- conduct an assessment of your processing of personal data if a complaint is received
- serve an enforcement notice on a data controller requiring the processing of personal data to be brought into compliance with the data protection principles
- prosecute data controllers or individuals if they commit an offence under the Act
There are potential penalties if your business does not comply. See the page in this guide on enforcement and penalties.
Source - Business Link; Crown Copyright.