On 1st March the new Data Protection Act came into force. The Act
was introduced as a result of a European Directive and introduces
some significant changes to the Data Protection Regime in the
UK
Andrew RigbyThe Act will have repercussions for those who use the Net as a
means of communication, distribution and commerce. Anyone who has a
Web site will need to consider whether they are complying with Data
Protection legislation and in my experience, many businesses who
currently have Web sites will be breaching the laws relating to
Data Protection and may find themselves subject to enforcement
action.
So far as e-commerce and brochure Web sites are concerned there
are primarily four levels at which the Act will impact, and they
are:-
- Sending information overseas.
It is important to remember what data protection is actually
about. It does not apply to all types of data, but merely "data
relating to a living individual from which that individual may be
recognised". Therefore an e-mail address would come within the
definition, as would a string of numeric numbers. The Act sets out
the eight principles which govern data protection (which should be
read by all using or doing business on the net.
Anyone processing personal data must be registered (called
notification) with the Data Protection Registrar. It used to be the
case under the old Act that if you were exempt from registration
then you were actually exempt from compliance with the Act.
This is not so under the new Act. An alarming number of
Web-based businesses haven't registered with the DPR, and those
that have haven't registered with the Internet in mind. There are
special considerations relating to the Internet, and every business
which uses the Internet should read the guidance.