You are previewing Data Protection Compliance in the UK, Second Edition.
O'Reilly logo
Data Protection Compliance in the UK, Second Edition

Book Description

An essential introduction to data protection in the UK

Data Protection Compliance in the UK has been published to be an easy-read introduction for any employee required to support compliance with the DPA. This concise book covers:

  • UK and EU data protection regulations
  • The rights of individuals
  • The security obligations of organisation
  • Key definitions, terms and requirements
  • Practical compliance check-lists, covering the steps you must take to reach DPA compliance
  • Additional topics including IT monitoring and interception, enforcement provisions and penalties for non-compliance.

Data Protection Compliance in the UK is essential reading if you have a responsibility for the security of personal data, especially if you are a director, a manager or an IT professional.

Complying with data protection requirements in the UK

All companies hold personal information about their customers in electronic form. Almost all of them will also keep staff records, at least partially, in a computer system. Managing personal information has become a key challenge for all organisations, and one that they are legally obliged to understand.

Your business needs to operate in compliance with the Data Protection Act. This means your company has to take the right steps towards secure management of personal digital information. Under the Data Protection Act, some faults are treated as criminal offences. Where failure to comply is the fault of a manager, the manager can be prosecuted along with the company.

Data Protection Act Penalties

Knowingly, or recklessly, obtaining or disclosing personal data is an offence under Section 55 of the Data Protection Act. In 2009, the Coroners and Justice Act amended the DPA to give the Information Commissioner the power to carry out compulsory assessments of government departments. This year, the government has further tightened the enforcement regime for the DPA.

Since 2010, tougher penalties have been in place, including custodial sentences for deliberate or careless disclosure of personal data. Deliberate, or reckless, disclosure of personal data by your staff will also put you in the firing line as their employer. The Information Commissioner's Office has acquired new powers to fine companies up to £500,000 for serious contraventions of the Data Protection Act.