Is your business compliant with the Data Protection Acts?

Many companies will collect data on their customers as a matter of course, storing it for promotional or analytical purposes. Such information can be invaluable to a company; however holding such information places obligations on the company to ensure the data is protected.

The Data Protection Acts 1988 and 2003 place responsibilities on those who keep or process personal data. If you are operating a business which process personal data it is important to be aware of these responsibilities and ensure that all staff are trained and aware of what is expected by the law. The Act sets out eight fundamental rules that must be followed. These are:

• To obtain and process information fairly
• To keep it only for lawful proposes
• To use and disclose it only in ways that are compatible with its lawful purpose
• To keep it safe and secure
• To keep it accurate and up to date
• To ensure that it is adequate, relevant and not excessive
• To retain it for no longer than it is necessary for the purpose
• To give a person a copy of the personal data held by you upon request

A business cannot transfer personal data any third party with the consent of the person. Businesses are advised to have an accessible data protection policy and ensure that they have security measures in place to ensure the data is kept safe.

Breaching the Act can have serious consequences and the Data Commissioner has a wide range of powers to investigate complaints made by the public or of his own discretion. A data controller found guilty of an offence under the Acts can be fined up to €100,000 and may be ordered to delete their database.