Hanover Company Services, Ground Floor, One George Yard, London, EC3V 9DF, UK
All companies must comply with the Data Protection Act 1998. The Data Protection Act governs the processing of personal information held on living, identifiable individuals and requires that companies are open about their use of information and process this information correctly. The Data Protection Act also gives individuals the right to access information companies are holding about them.
Personal information is deemed to be information pertaining to living people who can be identified by that information, e.g. staff records or customer databases. The Data Protection Act applies to information held on your computer, some paper-based records and some CCTV systems.
According to the Data Protection Act, a data controller is a person who determines the purposes for which the manner in which personal information is to be processed. If your company is a Limited company, the data controller is the company itself. A data processor, (e.g. member of staff who enters customer details onto your database) acts on behalf of the data controller.
All companies that intend to process any personal information must determine how the Data Protection Act applies to them - it is essential that you meet a condition from Schedule 2 of the Act in order to process personal information and you must ensure that the processing of that information is in compliance with the 8 data protection principles:
The 8 principles are set out in the Data Protection Act. These are a set of rules that data controllers must follow for protecting personal information. Personal data must be: