
Data Protection Act 1998

We have a great deal of experience helping accountancy and law professionals achieve security compliance for themselves and their clients.

One of the fundamental data protection principles of the Data Protection Act 1998 states that:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Article 17 of EU Directive 95/46/EC 1995 enforces similar requirements for the security of personal data.

From 6 April 2010 the Information Commissioner's Office (ICO) will be able to issue fines of up to £500,000 for data security breaches (see article).

The Act defines a number of roles, such as the "Data Processor" and the "Data Controller", who inherit the various responsibilities under the Act. Unfortunately, organisations are often unaware of which role they are legally obliged to take on.

For example, in the case of a payroll bureau, the client is the Data Controller and the bureau is the Data Processor, and it is vital that each understands what its legal obligations are regarding data security. The Data Controller in this case has obligations to ensure that the Data Processor is taking adequate measures to protect the personal data (payroll data) of their staff.

Needless to say, the payroll bureau should be doubly aware of its responsibilities: in addition to its legal obligations, its commercial reputation is at stake. Please phone us on 0114 242 0242 for some objective advice on how you can comply with the 1998 Act and secure your client data on the internet.
