The Data Protection Act 1998 (DPA) applies to all organisations in the UK which handle personal information. Under the legislation, organisations must comply with eight principles set out under Schedule 1 of the Act and must ensure that personal data is:

• Fairly and lawfully processed
• Processed for specific reasons
• Adequate, relevant and not excessive
• Accurate and, where necessary, kept up to date
• Not kept longer than necessary
• Processed in line with the rights of the individuals
• Kept secure
• Not transferred to countries outside the EEA


Organisations which are in breach of the DPA can be fined up to £500k under new powers given to the Information Commissioner (ICO) since April 2010. Furthermore, such a breach can cause reputational damage and adverse publicity.

At it-grc we can help and assist you in achieving DPA compliance. We offer a wide range of services focussed on DPA, including:

• DPA Health Check
• Data Protection Audit
• Gap Analysis
• Notification to the ICO
• Policy Documentation and Evaluation
• Policy Implementation
• Awareness and Training for Staff
• Development of Security Processes and Procedures (including SAR)