Understanding your obligations and how to comply with ICO guidelines
Every organisation, large and small, has to comply with current legislation, the Data Protection Act and ICO guidelines. You’ll find the links useful, but you can also download ‘The Guide to Data Protection’ published by the ICO using the link opposite.
Eight top tips for data protection compliance
Consent – Wherever possible, obtain consent before acquiring, holding or using personal data (paper or digital-based).
Sensitive data – Be particularly careful with sensitive personal data (a mobile number, which may not be for a work phone, race, religion, home address …).
Individual rights – Remember that individuals have the right to see information held about them, including reports, conversations and ‘informal’ comments. Be open. Avoid inappropriate sharing of data.
Review files – Only create and retain personal data when absolutely necessary. Securely dispose of, or delete beyond use, any data that is out of date or not in use.
Dispose of records – All paper containing sensitive or personal data must be destroyed beyond use (not added to general waste). The same applies to information held digitally.
Accuracy – Personal data should be kept up to date and accurate. If in doubt, data should not be used.
Security – Keep all personal data and commercially sensitive information as secure as possible (locked filing cabinets, locked shredding and recycling consoles), away from anyone with no right to view or access it.
Third party processors – Be aware of who gets access to data (third party mailing houses, waste collectors, recyclers) and how it is treated.
Get help with data protection compliance. Telephone 0800 824 7799 or