Data Protection Act - What is the Data Protection Act?
The Data Protection Act (1998) is a UK law that governs the processing and handling of personal information.
The main purpose of the Data Protection Act is to protect individuals from having their personal details misused or mishandled. The Data Protection Act does this in two ways:
- By establishing rights for individuals;
- By creating responsibilities for businesses, organisations, and the government and setting guidelines for the way they handle and store ‘personal data’.
‘Personal data’ refers to information that identifies or is ‘obviously about’ a specific individual; the Data Protection Act does not cover anonymous or aggregated data.
The eight principles of the Data Protection Act
The Data Protection Act provides eight core principles to follow when it comes to the handling of personal data.
These principles ensure that personal data is:
- Processed fairly and lawfully
- Processed only for specified, lawful, and compatible purposes
- Adequate, relevant, and not excessive for the intended purposes
- Accurate and up-to-date – individuals have the right to have inaccurate personal data corrected or destroyed
- Kept for no longer than necessary
- Processed in line with the rights of the individuals
- Secured against accidental loss, destruction, or damage, and against unauthorised or unlawful processing
- Not transferred outside the European Economic Area (EEA) unless there is adequate protection.
Whilst all of these principles might seem a bit overwhelming, compliance is essential if you want to avoid hefty fines. The eight principles also tend to overlap with good practice when it comes to the management and handling of personal information, such as keeping personal details up to date.
Data Protection Act and your small business
Virtually all small businesses and start-ups hold personal details of staff, customers, and suppliers – from names, phone numbers, and addresses to bank details and financial information. Any data that is stored on a computer or within a physical filing system must comply with the Data Protection Act, and as an entrepreneur, freelancer, or small business owner, it’s your responsibility to make sure that you’re sticking to the rules.
The Information Commissioner’s Office (ICO) has a useful webinar on data protection for small and medium-sized enterprises.
Data Protection Act and Debitoor
Debitoor’s cloud-based invoicing software strictly adheres to the principles of the Data Protection Act, both for the data of our users and for the data stored in their accounts.
Find out more about security as a Debitoor user.