Sunday 27 April 2014

Should you be registered?

The Data Protection Act came into existence in 1984 and was updated in 1998. It is a complex piece of legislation with lots of requirements, and not the easiest read! The legislation has therefore been about for 30 years, so pleading ignorance about its requirements isn't really going to be a defence.

So do you need to register with the Information Commissioner's Office (ICO)? If you keep personal information for anything other than producing accounts, then the answer would be yes. For example, if you have a mailing list, then you need to register. If you have client records other than those needed for accounts information, then you need to register. If you keep health information about clients, then you need to register. There are a whole host of professions which should be registered.

There is a simple assessment tool on the ICO website which will help you identify whether you need to be registered or not: http://ico.org.uk/for_organisations/data_protection/registration/self-assessment. Registering will cost you £35 and has to be updated annually.

Failing to register is a criminal offence and you can be prosecuted. Recently Becoming Green UK were fined £597 for not being registered, and the business owner was also fined £597 and convicted for allowing the company to unlawfully process personal data without notifying the ICO (section 61 of the Data Protection Act). In total, failing to register cost the owner £1194 and a criminal record, in addition to the bad publicity that has been incurred.

Clients are getting more sensitive about how their information is collected and used. Companies that take care of the information, explain how it is being used and provide detail as to how it is being shared are more likely to be respected and receive repeat business.

If you want to have a discussion about being registered (or not), contact me at lesley@audit-and-risk.co.uk or phone me on 07828 124588.