A Refresher on the UK Privacy Laws Affecting Your Business
The UK has a handful of privacy protection laws enacted to protect personal information. If your organisation collects sensitive consumer and employee data, it’s essential to understand your obligations under each law. In this article, we offer a summary of each law so you can keep your business compliant.
The Data Protection Act
The Data Protection Act of 1998 provides individuals with the right to know what information is held about them and offers a framework to ensure that personal information is handled properly. Under this act, organisations are required to make sure personal data is:
- held securely
- not kept longer than necessary
- protected from unauthorised use
The Information Commissioner’s Office (ICO) enforces all compliance with the act, including levying fines of up to £500,000 for serious breaches.
Both hardcopy and computerised information of a sensitive nature are covered by the Data Protection Act. A key principle states that “appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.” As a result, paper and electronic records should be stored securely, with strict access monitoring controls, to prevent the unauthorised disclosure of personal information.
The Privacy and Electronic Communications Regulations
If your company is sending marketing messages by phone, email, fax or text, it must comply with the Privacy and Electronic Communications Regulations (PECR). This legislation makes it unlawful for organisations to send direct marketing to someone who has not specifically granted permission, unless there is a previous relationship between the parties.
Penalties for failing to comply with PECR may include the following:
- criminal prosecution
- non-criminal enforcement
The ICO can also serve a monetary penalty notice and impose a fine of up to £500,000.
The Freedom of Information Act
The Freedom of Information (FOI) Act applies to public authorities. Under the provisions of this act, public authorities, including government entities, state schools, police departments and the NHS, must publish certain information about their activities. Additionally, members of the public are entitled to request information from public authorities. FOI covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, including:
- printed documents
- computer files
- video and sound recordings
The UK privacy laws we’ve summarised here may directly or indirectly impact how your company stores and manages its information. For more specifics on each law, visit the ICO’s website.
Archive Document Data Storage (ADDS) provides information management solutions for businesses throughout London, Bristol, Bath, and Swindon.