The Key Thrust To Data protection
1: Tell people what you are going to do with their data before you gather it
2: Within your organisation you need to identify who is the Data Controller
3: If you are capturing and storing names, emails etc you need to have a Data Protection Licence
Data Protection Key Principles
- Personal data includes
- Telephone numbers
- Processing includes
- How the data is obtained
- The approach / techniques used to record the data
- How the data is retained / held within the organisation
- How the data will be used
- Disclosing and erasing of the data
- Data subject: This is the individual about whom personal data is processed
- Any data obtained must be processed fairly and lawfully
- An organisation needs to identify who is assigned to be the Data Controller
- The data controller equals the person who determines the purpose for which and the manner for which personal data is to be processed
- The data controller to notify the Information Commissioners Office (ICO) before processing and failure to notify is a criminal offence. There is a wealth of information on the ICO website
Data Protection Make Sure You Stay Legal
- If you have a website and on that website you have a contact us enquiry form box in which a person adds their personal details and submits a request you need to have a data protection licence.
- If you have been collecting business cards from an exhibition, trade event, networking event etc and are building a database of prospects even if it is a simple spreadsheet you need to comply with data protection.
- If you have purchased (or acquired) a list of prospective customers that you have now stored on your customer relationship management system (Workbooks, Salesforce, Act etc) you need to comply with data protection
- If you have a website which has a data capture form whereby information is fed directly into a mailchimp list – you need to make sure you comply with data protection.