Facebook Twitter LinkedIn YouTube
East Midlands Chamber News

Information Commissioner gets tough on business

"The Regulatory Action Division has been set up to protect personal information held by businesses, and ensure compliance with the DPA," said ICO assistant commissioner, David Smith."Previously complaints were handled by a compliance team, but now for the first time the ICO has teams of specialists devoted solely to using the Commissioner's powers to bring about compliance with the law."Smith added that the move is designed to make life tougher for the minority of businesses that don't take their data protection obligations seriously. Small firms run the risk of paying fines of up to £5,000 if they don't comply with the DPA.The ICO said it will be actively looking for firms that are breaking the law. "Negotiation will usually be our first option, but we won't hesitate to take legal action swiftly against businesses where the circumstances warrant it," said Smith.The DPA requires businesses to register annually with the ICO, if they hold or use personal data for purposes other than the day-to-day management of their businesses.The ICO recommends that firms ensure they implement policies and procedures that follow the eight main principles of the DPA.These are that data must be:

  • fairly and lawfully processed
  • processed for limited purposes
  • adequate, relevant and not excessive
  • accurate
  • not kept for longer than necessary
  • processed in line with the rights of the person that the data is about
  • secure
  • not transferred to countries that don't have adequate protection of data.
  • For more information on data protection visit www.informationcommissioner.gov.uk

(c) Business Hotline Publications Ltd 2005