The new Data Protection Act (1998), which came into force at the beginning of March, extends the 1984 legislation in a number of areas and provides data subjects with some additional rights. For example, manual records are now covered, processing of data can only take place if one of a number of criteria is met, and data controllers must comply with eight data protection principles.
Solicitors Paisner & Co recommend the following steps to ensure compliance:
conduct an audit of all personal data held in order to establish where it is held, by whom and the points of collection
appoint a compliance officer to review current registrations and amend as appropriate
identify sensitive data
consider procedures for obtaining consent from data subjects, reviewing and introducing privacy statements where appropriate
introduce appropriate security measures to prevent unauthorised access to personal data
set up a procedure for dealing with data subject access requests
amend employee contracts and/or staff manuals so as to notify employees about their rights and obligations under the Act
review any contractual terms with third parties relating to the transfer of personal data
ensure that no transfers are made outside of the EEA without meeting appropriate criteria