Data Protection Policy

The Data Protection Act contains a set of principles that organisations have to adhere to in order to keep someone’s personal data accurate, safe, secure and lawful.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’.

They must make sure the information is:

  • Used fairly, lawfully and transparently;
  • Used for specified, explicit purposes;
  • Used in a way that is adequate, relevant and limited to only what is necessary;
  • Accurate and, where necessary, kept up to date;
  • Kept for no longer than is necessary;
  • Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

There is stronger legal protection for more sensitive information, such as:

  • Race;
  • Ethnic background;
  • Political opinions;
  • Religious beliefs;
  • Trade union membership;
  • Genetics;
  • Biometrics (where used for identification);
  • Health;
  • Sex life or orientation.

There are separate safeguards for personal data relating to criminal convictions and offences.

Employers that fail to comply with the Data Protection Act can be prosecuted, resulting in harsh punishments that can include fines of up to £500,000 or action being taken that could result in a prison sentence.

Our experienced consultants can assist you with compiling, regularly reviewing and updating your Data Protection policies and assist with practical actions for improving your data protection compliance.

If you would like to talk to us about your policy requirements, please contact our expert consultancy team on 01708 555544 or complete the enquiry form.