Personal data can be defined as information about living, identifiable individuals. The data does not need to be particularly sensitive information - it could just be a person's name and address. Sensitive information covers areas such as a person's racial or ethnic origin, political opinions, religious beliefs or beliefs of a similar nature, trade union membership or non-membership, physical or mental health or condition, sexual life, any actual or suspected criminal offence and any proceedings being brought in connection with this. The Information described here can only be processed in certain restricted circumstances such as the individual involved has freely given explicit written consent to its use for clearly stated purposes, the data is required for legal reasons or the information is needed for ethnic or anti-discriminatory monitoring.
Those that are exempt from compliance with the Data Protection Act 1998 include:
You will probably be required to comply with the Data Protection Act 1998, and to 'notify' the Information Commissioner (this office regulates and enforces the Act) that you are processing personal data. Visit www.ico.gov.uk to determine whether the Act applies to your business, and confirm whether you need to notify the ICO. Alternatively, you can contact the Commissioner's Notification Helpline - 01625 545740.
Click here to go to the Compliance checklist to see whether your business needs to notify the Information Commissioner.
If your business is subject to the Data Protection Act 1998, you have a number of legal responsibilities:
Any rooms and IT systems used to store data must be secure and data which is no longer in use must be destroyed (click here for more information on the secure shredding of confidential data). All staff responsible for handling data should be trained to ensure they comply with the terms of the Data Protection Act 1998 and as part of that training they should be reminded that it is a criminal offence to pass on personal data, either recklessly or for money.
Under the fifth principle of the Data Protection Act, data should only be kept for as long as is necessary to carry out and fulfil the objective of your business. The type of data being stored will determine the length of time the data needs to be held. In any case, businesses should put in place procedures for the secure shredding of confidential data when it becomes obsolete.
Datashred Limited adhere to the standards as outlined by the BSIA. For the secure shredding of paper based data, we will ensure that:
If you think we can help, complete our Request Quote form or for more information go to: