FAQ – Data Protection for UK Businesses

Data Protection
You can never be certain that your business is complying with all the relevant legislation and regulations, particularly when it comes to an area as complex as data protection. Yet data protection is something you must get right in order to protect the details of your employees and customers, and to avoid fines and legal action. One way to ensure compliance with the Data Protection Act is to securely shred office documents. If you are not sure how data protection relates to your documents, take a look at this quick guide.

Q: What Does Personal Data Mean?

A: Personal data is information about people who are living and identifiable. Personal data does not need to be private or sensitive – it includes simple things like names and addresses. However, sensitive information is also included in the definition of personal data, for example a person’s political views, their health, their criminal past or present, their ethnic origin, or their religious beliefs. The term personal data relates to the Data Protection Act in that this kind of data cannot be freely broadcast unless the individual has expressly given their permission for this to be done.

Q: Does the Data Protection Act Apply to my Business?

A: The Data Protection Act applies to most businesses, large and small, although there are some clear exceptions. For example, if you hold information simply for personal reasons and purposes, such as an address book, you are not governed by the Data Protection Act. Also, the Act does not apply if you are holding information for staff administration only or for accounts and records as a non-profit organisation. However, you may need to notify the authorities that you are processing personal data. To check whether you have to comply with the Data Protection Act, go to the website of the Information Commissioner.

Q: What Responsibilities do I Have as a Business?

A: It is important to comply with the Data Protection Act, as there are a number of legal provisions you must meet if your business is governed by the Act. For example, you need to notify the Information Commissioner that you are holding and processing personal data, and you need to let them know the purpose for this data. Also, the personal data held by your business must be processed according to the Data Protection Principles – this includes document shredding using a certified shredder like www.simplshred.co.uk. If you hold personal information, you must also allow an individual to access their data if they request it.

Q: How Do I Keep Information Safe?

A: There are a variety of ways in which you can ensure document security, such as keeping rooms and IT systems secure, securely shredding documents, and keeping customer and other personal data confidential both within and outside of the organisation through staff training. Documents containing personal data should be destroyed when they are no longer needed in order to fulfil their purpose.