Since 23 October, the deadline for the first transitional period of the Data Protection Act 1998, organisations have had to meet new obligations and comply with tighter controls on using the personal information they have collected. Insight Consulting suggests the following tips for ensuring compliance.
Understand how the 1998 Data Protection Act affects your organisation.

Ensure that your planned disclosures of personal data are legal, and that consent has been obtained properly.

Guarantee that your systems meet the requirement for security contained within the Act’s 7th Principle, by implementing a BS 7799 information security management system.

Carry out an audit of your existing registration/notification to ensure that it is accurate and up to date and then verify that your notification to the Commissioner is complete and correct.

Review your contractual terms with any data processors to confirm that they reflect the requirements of the Data Protection Act.

Conduct a comprehensive risk assessment to ensure compliance with the new Act.

Develop and implement a data protection management system to cover: management structure, annual reviews and updates, ad hoc updates, the handling of access requests, enquiries from staff, and developing and managing a programme of staff training.