The Data Protection Act

Your business will hold a significant amount of personal data on your employees and customers. The Data Protection Act ensures that you handle this information properly. This guide outlines the key areas of the act.

  • What is the Data Protection Act?
  • The Eight Principles
  • The rights of the individual and organisations
  • Enforcement
  • Business benefits

What is the Data Protection Act?

If your business requires you to store people's personal details on computer or on paper records then you must comply with the Act. The information includes details such as customer or employee records. This encompasses names and addresses, bank details and opinions expressed about an individual. The information must be about living, identified or identifiable individuals. The Act is enforced by the Information Commissioner's Office (ICO)
Some organisations have to inform the ICO regarding what they use the information for but others do not.

  • Understand the need to comply with the DPA. It is a legal requirement to do so.

The Eight Principles

The Act is there to ensure that the information you have is handled properly. Anyone who processes personal information must comply with eight principles. These ensure that the information is - fairly and lawfully processed, processed for limited purposes, adequate, relevant and not excessive, accurate and up to date, not kept for longer than necessary, processed in line with an individual's right, kept secure, not transferred to other countries without adequate protection.

  • The Eight Principles must be learnt and adhered to

The rights of the individual and organisations

Individuals have the right to know what information is held about them. If an individual or organisation feel they are being denied access to the personal information that they are entitled to or feel their information has not been handled according to the eight principles they can contact the Information Commissioner's Office for help.

  • Be aware that there are wide rights for individuals under the Act


Complaints are usually dealt with on an informal basis but if that is not possible then enforcement action can be taken. The ICO can issue an enforcement notice if it believes that your business has not complied with one or more of the eight principles. You could face a fine if you fail to comply with an enforcement or information notice. If you are convicted of any other offence under the Act you could face a fine.

  • Failure to follow the eight principles can lead to a fine

The business benefits

The DPA is a legal requirement but following the principles can lead to business benefits as well. It stops you using out of date or bad data which could result in customer complaints.

  • The DPA has business benefits as well.

Smarta Business Builder

To help you on your business journey, we've created Smarta Business Builder, the complete online tools package for growing your business. Website BuilderBusiness PlansAccounting SoftwareLegal Documents and Email - all in one place - from just £20 per month with no contract! Try it out today.

We use cookies to create the most secure and effective website possible for our customers. Full details can be found here