Complying with the Data Protection Act: 3 business bear-traps awaiting the unwary
Visit the website of the Information Commissioner’s Office, and there’s an interesting section entitled ‘Enforcement’. In it, the Commissioner details the various criminal prosecutions that the Office has undertaken in the last few months, together with the enforcement notices that it has issued, and the fines that it has levied.
A startling fact about many of these cases is that they involve very ordinary businesses. A leisure centre. A doctor’s surgery. A lettings agency. A ‘payday loan’ company. An estate agent. And so, and so on.
Another startling fact: despite these cases, a considerable number of businesses either don’t register with the Information Commissioner—thereby signalling their compliance with the Data Protection Act—or register inaccurately, or incompletely.
But even among businesses that have registered fully and accurately, bear-traps remain, catching out the unwary.
How come? Because businesses change and evolve, in short—and without those changes then being reflected in the business’s data protection compliance. Consider, for example, these three straightforward scenarios.
- Part of a business is being sold. A financial services company, for instance, is selling a division which provides independent financial advice. And as part of the transaction, the buyer is acquiring the division’s customer database. From a Data Protection Act compliance point of view, what are the obligations of the buyer—and the seller?
- A business is outsourcing overseas. To better serve its customers, a software firm is contemplating outsourcing its customer support and ‘helpdesk’ activity to a company based in India. This naturally, involves giving the Indian company its customer database. But from a Data Protection Act compliance point of view, is this legally possible?
- A company has built up an extensive customer database, and wants to allow third parties to use it for their own marketing purposes. From a Data Protection Act compliance point of view, what has to be done to avoid falling foul of the law?
Three perfectly straightforward scenarios, in short. But equally, three data protection minefields, with plenty of opportunity for errors—errors of commission, as well as omission.
Simply put, in the heat of a transaction, it’s very easy to forget that there are data protection obligations to be fulfilled. And equally very easy to do something, but do the wrong something.
So what about the specifics of the three scenarios above? The law is quite clear. The Data Protection Act 1998 requires every ‘data controller’ processing personal information—be they a large organisation, or sole trader—to register with the Information Commissioner’s Office, unless they are exempt.
Once registered, they must then protect the data responsibly, guarding against security breaches, maintaining people’s privacy, and—for marketing purposes—complying with both the Data Protection Act and the Privacy and Electronic Communications Regulations. And—for the avoidance of doubt—protecting that data responsibly explicitly excludes sending personal data outside the European Union, unless a number of strictly-defined protocols have been met.
Get it wrong, and—well, that’s where the ‘Enforcement’ section of the Information Commissioner’s website comes in.
But in reality, there’s no need to get it wrong.
At The Legal Director, we specialise in providing clear-cut legal advice in business-friendly language. Providing it affordably, to suit a business’s own needs and workloads. And in a range of offerings stretching from a fixed-fee monthly retainer starting at £100 + VAT for telephone advice, to your own part-time legal director, working alongside your own board of directors.
To find out more, get in touch.
Posted Monday, September 1st, 2014 by Warren RylandTweet
Other Articles In This Category
- GDPR. The clock is ticking: a tough new take on data protection is fast approaching
With effect from 25 May 2018—in other words, less than a year away—your business is exposed to a new regulatory regime backed by hefty fines. And by... read more
6th of September 2017 by Warren Ryland
- Persons of Significant Control: important changes to reporting requirements
It’s barely a year since the introduction of the PSC regime - and already, the compliance requirement has been tightened. And at a time when many businesses... read more
23rd of June 2017 by Warren Ryland
- Avoiding conflict when forming a business: probing questions for potential partners
Every year, several hundred thousand new businesses are created. In 2015, according to the Office for National Statistics, the total was 383,000—the highest... read more
28th of April 2017 by Warren Ryland
- Is your business at risk from the Uber decision? Why your self-employed contractors could really be employees
Fuelled by companies such as ride-hailing business Uber and personal courier firm Deliveroo, the so-called ‘gig economy’ is on the rise. So much so,... read more
12th of January 2017 by Warren Ryland
- The Legal Director - Commended for Innovation in the FT Innovative European Lawyers awards
Law firm The Legal Director (TLD) has been commended in the FT Innovative European Lawyers awards, which were announced at the beginning of this month. TLD ranked... read more
28th of October 2016 by Warren Ryland
- Debt versus Equity - Financing for SMEs
The need for additional finance is often the price of success for small to medium-sized enterprises (SMEs) that are looking to grow. The question that faces the... read more
14th of October 2016 by Warren Ryland
- The deceptive complexity of the Modern Slavery Act
At the end of July, Prime Minister Theresa May launched a cabinet-level government taskforce to eradicate modern slavery in the UK. It was, she said, “one of... read more
31st of August 2016 by Warren Ryland
- How our clients will benefit from the Bar Council's escrow account
Outside the narrow realms of consumer technology, there’s often an inevitable trade-off between cost and quality. In other words, you can have something at... read more
7th of July 2016 by Warren Ryland
- As the net starts to close, the Bribery Act prosecutions begin
As we have written before, the Bribery Act 2010 is a law with undoubted teeth. Fines are potentially unlimited, and custodial sentences can be up to ten... read more
1st of May 2016 by Warren Ryland
- New rules on shareholder identification are now in force
New rules on shareholder identification are now in force - and yet many businesses aren’t aware of them. Does your business have corporate or nominee... read more
12th of April 2016 by Warren Ryland
- First SRA-regulated law firm signs up to Bar Council's escrow account
PRESS RELEASE: The Legal Director has become the first law firm regulated by the Solicitors Regulation Authority (SRA) to sign up to the Bar Council’s... read more
31st of March 2016 by Warren Ryland
- Trade marks: the 3 biggest mistakes to avoid
Wander around a supermarket, or browse the advertisements in newspapers and magazines, and you’ll see trade marks everywhere. And it’s likely, too, that... read more
29th of February 2016 by Warren Ryland
- Avoiding flexible working's hidden pitfalls
You don’t have to look too far to see that traditional modes of employment are increasingly giving way to more flexible working arrangements. Returnee... read more
9th of November 2015 by Warren Ryland
- Are you paying your workers the right amount of holiday pay?
A recent ruling by an Employment Appeal Tribunal is set to cause many businesses a headache. Quite an expensive headache, at that. Simply put, it means that... read more
15th of July 2015 by Warren Ryland
- The Bribery Act 2010: are you running a risk of breaking the law?
To see the difficulties that businesses can get into through bribery - or even allegations of bribery - look no further than the reputational damage suffered... read more
11th of June 2015 by Warren Ryland
- It's official: "Lawyers are not cost-effective"
Imagine, for a moment, that when faced with a serious illness, significant numbers of people took no action. And of those who did take action, around... read more
20th of January 2015 by Warren Ryland
- Could a Shareholder Agreement save your business?
Here at The Legal Director, we’ve recently come across a business where the two co-founders have fallen out -- one is now leaving, in order to set up on his... read more
1st of December 2014 by Warren Ryland
- The high-fee culture that's hobbling British business
Another week, and yet another critical item in the press on the cost of obtaining corporate legal advice. And to be sure, it’s certainly a fairly open goal at... read more
11th of November 2014 by Warren Ryland
- Is crowdfunding the answer to your business's financing challenge?
As the credit crunch and ensuing recession of 2008 began to bite, lending to businesses dried up. To their shock, even long-established, profitable businesses... read more
2nd of September 2014 by Warren Ryland
- What might a Legal Audit reveal about your business?
When we start working with a business we assess their existing legal arrangements to determine how these can be improved and aligned with commercial objectives. We... read more
9th of July 2014 by Warren Ryland