The Act will have repercussions for those who use the Net as a means of communication, distribution and commerce. Anyone who has a Web site will need to consider whether they are complying with Data Protection legislation and in my experience, many businesses who currently have Web sites will be breaching the laws relating to Data Protection and may find themselves subject to enforcement action.
So far as e-commerce and brochure Web sites are concerned there are primarily four levels at which the Act will impact, and they are:-
It is important to remember what data protection is actually about. It does not apply to all types of data, but merely "data relating to a living individual from which that individual may be recognised". Therefore an e-mail address would come within the definition, as would a string of numeric numbers. The Act sets out the eight principles which govern data protection (which should be read by all using or doing business on the net.
Anyone processing personal data must be registered (called notification) with the Data Protection Registrar. It used to be the case under the old Act that if you were exempt from registration then you were actually exempt from compliance with the Act.
This is not so under the new Act. An alarming number of Web-based businesses haven't registered with the DPR, and those that have haven't registered with the Internet in mind. There are special considerations relating to the Internet, and every business which uses the Internet should read the guidance.