What Is The DPA?
The Data Protection Act (External Link) controls how Personally Identifiable Information (PII) is used by organisations, businesses or the government.
Everybody who is responsible for using and creating data has to follow strict rules called the Data Protection 'Principles', of which there are Eight (8).
Therefore, organisations must make sure that the information is:
Other key information is contained within the left-hand side navigation menu of links in the Guide to Data Protection Act (External Link). Other key areas of interest for you should be:
- Key Definitions of the Data Protection Act (External Link)
- Conditions for Sharing Data (External Link)
- Data Sharing Code of Practice (External Link)
There are others, so please do take the time to digest the information that the ICO provides in the other subsections of the Guide to Data Protection Act.
Please also make use of the IS Know How Additional Helpful ICO Guidance & Information page and read through the various ICO provided information and guidance that we're reiterating for your benefit.
Are You Registered?
There is still a large number of third sector organisations that we come into contact with who don't seem to be fully aware of the ICO's 'Data Controller Register' or exactly what their legal obligations are where the collection, storage and transferring of personally identifiable information is concerned during the course of their organisation's business activities.
"Under the Data Protection Act individuals and organisations that process personal information need to register with the Information Commissioner's Office (ICO), unless they are exempt. By going through the following questions, you will be able to decide if you – as an individual or on behalf of your business or organisation – need to register with the ICO. CCTV: If you use CCTV on your business premises, you will need to register."
Are We Exempt?
In short, IS Know How cannot possibly advise on this, as it is decided very much on a case-by-case basis for each business, company or organisation. The best thing is for you to head over to the ICO's Exemptions (External Link) page.
A great resource to consider is the ICO's very straightforward Do I Need To Register Self-Assessment (External Link); take 5 minutes out of your schedule and complete it.
If in doubt, do contact the ICO directly via Telephone, Live Chat and Email (External Link), and seek their input and advice on your queries about this aspect.
Do You Comply?
As with many things, it's easy to register for something, no doubt with the correct intentions, but then business can get in the way and most of us can become sidetracked. Therefore, after registering (if required, in line with the above information), is your organisation actually compliant with the Data Protection Act and its Eight (8) Principles at present?
Please also make use of the IS Know How Additional Helpful ICO Guidance & Information page, which brings together the various ICO-provided information and guidance elements that we're trying to make as straightforward as possible for your third sector organisation's benefit.
Are you already increasing your knowledge surrounding GDPR, and are you actually beginning to develop your third sector organisation's adoption and implementation of GDPR, ready for it becoming live regulation from May 25th 2018?
If not, we highly suggest that you now go to the IS Know How What is the General Data Protection Regulation? (GDPR) page and read through the ICO's information, which we're reiterating for your benefit.
Charitable & Voluntary Data Security Incident Trends
You may also be interested to read the statistics that IS Know How has extrapolated, specifically for 'Charities', from the ICO's Data Security Incident Trends, which the ICO provides for breaches of the Data Protection Act in regard to Principle 7.
Ready to Access GDPR Solutions Now?
Additionally, why not head over to our GDPR Solutions zone below and see 'How we can assist Charities and Social Enterprises Comply with the EU GDPR.'
ISKH is in no way affiliated with, or working on behalf of, the Information Commissioner's Office. ISKH is quite simply putting forward the importance of compliance to our target audience(s), and supporting the ICO's drive to show that Data Protection Act compliance has a positive impact on a business's or organisation's Cyber / Data Security positioning. Any externally linked ICO content in the ISKH website, including PDF documents or video media, is offered for information purposes only, as is.