DATA PROTECTION

If your website collects any sort of personal information including details obtained using ‘cookies’ then it must comply with the Data Protection Act 1998.

This requires certain processes to be put in place to manage personal data and avoid prosecution.

Website compliance comes from the posting of a carefully drafted Privacy Policy posted on your website..

If you are collecting and storing “personal data”, you are likely to be a “data controller” or “data processor” and, therefore, subject to the Data Protection Act 1998 which sets out obligations and principles relating to the use of personal data.

The Data Protection Act 1998 defines “personal data” as “data which relate to a living individual who can be identified from those data.”

Most businesses will collect and store personal data relating to their customers and increasingly, this process takes place online.

The subjects of personal data (“data subjects”) have certain rights under the Data Protection Act 1998 including rights to be informed as to how their personal date will be used (this is often dealt with in a Privacy Policy, see Web Sites above).

The Act also gives data subjects the right to request and be granted access to any data held by it by a data controller. Businesses should take advice on their obligations under the Data Protection Act 1998. Foot Anstey offers a Data Protection Audit which will identify those areas which are complying within your organisation and those which aren’t. We will recommend and assist in implementing solutions.