HomeTechnical Advice

Data Protection

Increasingly organisations recognise the value of collecting and storing data on customers. It helps build relationships, market events and provide funders with evidence of services provided. Below is a summary of what can and cant be done with personal information you collect and store.

Personal details include;

  • names
  • birthday and anniversary dates
  • addresses
  • telephone numbers
  • Fax numbers, e-mail addresses etc

It only applies to that data which is held, or intended to be held, on computers ('equipment operating automatically in response to instructions given for that purpose'), or held in a 'relevant filing system'. Information must be stored with the following framework.

Framework;

  • Data may only be used for the specific purposes for which it was collected.
  • Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
  • Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
  • Personal information may be kept for no longer than is necessary.
  • Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
  • Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner.
  • Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).

Also subjects are allowed/have the right to make changes to wrong information. For a data protection checklist and a template data protection statement please click the link below.

http://www.mda.org.uk/members/pdata

For more information on how to create a data protection policy click here.