For many companies today it is important that they understand the implications of the Data Protection Act will have on their business. Certainly, many businesses need to know exactly what this Act is and how it relates to their business and what they need to do to ensure that they remain in line with the rules and regulations set out in it.
In this article, we will take a look at some things which any business needs to take into consideration in order that they comply with it. Firstly let us explain a little bit about what this Act means and the kinds of businesses it applies to.
The Data Protection Act was brought into force because many businesses (large and small) hold personal information on their clients and which should at no stage be provided to others. For these businesses to comply with the Act they need to know about certain legal responsibilities that they will have.
Firstly, they should initially inform the Information German Data Protection Officer that they will be processing information of a personal nature which is only going to be used by those who work within the confines of the business.
Businesses which however only use the personal information they have collected for staff administration purposes or to use for advertising, marketing or public relations issues for their own business are not required to inform the Commissioner of this.
Secondly, they will need to inform the commissioner if they personal information they contain is going to be processed as in accordance with the 8 principles covered by the Act.
Thirdly, if they at any stage are requested to provide the information to those individuals who request it.
The cost of actually notifying the Information Commissioner that you will be holding such personal information in the UK currently costs £35.00 per year. But this is a basic payment and not VAT (value added tax) is charged on top. Although there are some private companies in the UK which allow you to register through them they can charge you well in excess of £95.00 for doing this.
This Act was brought in specifically to cover the personal information that many companies retain on computers although some manual records may also be covered by it as well. It is this act which actually restricts what the holders of such personal information are actually able to do with it and with him they actually share the data tat they hold.
One of the biggest implications of the DS-GVO Data Protection Act is that any company who wishes to provide the information they hold on to a third party must third acquire the consent of the person whose information it is they hold. Therefore as soon as they begin to start to collect process or pass this very sensitive information they need to get the consent of the individual in question before they do so. If not then this could end up in them being called to account for their actions.