If you handle, store or have access to personal data in connection with your business, you must follow data protection law. Under the Data Protection Act, individuals and organisations that handle and process personal information must register with the Information Commissioner's Office (ICO), unless they are exempt.

The requirements vary, but essentially they are all geared towards protecting the data you hold. For example, some of the categories are as follows: Charities, Education, Finance, Health, Marketing and Small Businesses. As the basics of managing personal data, which also includes that of your employees, you should note the following:

  • You should consider whether you actually need the information you hold.
  • Ensure the data you hold is safe and secure. Computer systems on which data is stored should be suitably protected.
  • Data changes quickly, so make sure you have processes in place to keep data you need up to date and relevant.
  • Should you receive a request for data from the person you hold data about, you must disclose it.
  • Ensure that everyone in your organisation is aware of their responsibilities in relation to handling data.
  • Know what data your organisation needs to hold for legal or accountability reasons.
  • Hold regular reviews regarding the security of data held.