Data Protection Act - What is the Data Protection Act?
The Data Protection Act (1998) is a UK law that governs the processing and handling of personal information.
The main purpose of the Data Protection Act is to protect individuals from having their personal details misused or mishandled. The Data Protection Act therefore establishes rights for individuals and creates responsibilities for businesses, organisations and the government in the way they handle and store ‘personal data’.
‘Personal data’ refers to information that identifies or is ‘obviously about’ a specific individual; the Data Protection Act does not cover anonymous or aggregated data.
The eight principles of the Data Protection Act
The Data Protection Act provides eight core principles to follow when it comes to the handling of personal data.
These principles ensure that personal data is:
- Processed fairly and lawfully
- Processed only for specified, lawful and compatible purposes
- Adequate, relevant and not excessive for the intended purposes
- Accurate and up-to-date – individuals have the right to have inaccurate personal data corrected or destroyed
- Kept for no longer than necessary
- Processed in line with the rights of the individuals
- Secured against accidental loss, destruction or damage, and against unauthorised or unlawful processing
- Not transferred outside the European Economic Area (EEA) unless there is adequate protection.
Whilst all of these principles might seem a bit overwhelming, compliance is essential if you want to avoid hefty fines. The eight principles also tend to overlap with good practice when it comes to the management and handling of personal information, such as keeping personal details up to date.
The Information Commissioner’s Office (ICO) is an independent body created to uphold information rights. They offer further information and answer some of the most common questions about the eight core principles of the Data Protection Act.
Data Protection Act and your small business
Virtually all small businesses and start-ups hold personal details of staff, customers and suppliers – from names, phone numbers and addresses to bank details and financial information. Any data that is stored on a computer or within a physical filing system must comply with the Data Protection Act, and as an entrepreneur, freelancer or small business owner, it’s your responsibility to make sure that you’re sticking to the rules.
The ICO has a useful webinar on data protection for small and medium-sized enterprises. If you want to know more about the practicalities of data protection compliance (and have 45 minutes to spare…) it’s worth checking out.
Data Protection Act and Debitoor
Debitoor’s cloud-based accounting and invoicing software strictly adheres to the principles of the Data Protection Act, both for the data of our users and for the data stored in their accounts. Read more about security as a Debitoor user.