Understanding your obligations and how to comply with ICO guidelines
Every organisation, large and small, has to comply with current legislation, the General Data Protection Regulation and ICO Guidelines. You’ll find the links useful but you can also download ‘The Guide to the General Data Protection Regulation’ published by the ICO using the link opposite.
Eight top tips for data protection compliance
Purpose limitation – consider the purpose of holding data and clearly state what the purpose is to your data subjects.
Data minimisation – only collect data that is relevant and required. Question whether you need to keep this data and whether it can be minimised. Control the amount of data you hold to make it easier to manage.
Accuracy – data must be kept up to date and reviewed on a regular basis. Erase or resolve any data that is inaccurate. Data subjects hold the right to request their data is erased after 30 days.
Storage limitation – consider how long data is stored, which will depend on the organisation or industry. Ensure data is kept no longer than necessary and, if unsure, consult a legal professional for clarity in your industry.
Integrity and confidentiality (security) – ensure appropriate storage and protection of data to guard against the possibility of accidental loss. Encrypt documents, especially if data may be leaving the premises.
Accountability – appoint a data controller to handle data. Take adequate steps to protect data internationally and to resolve a data breach should it occur.
Get help with data protection compliance. Telephone 0800 824 7799 or