The 8 Commandments of Data Compliance

Here’s something you might not know.

The Great White Shark has 300 teeth.

Here’s another.

The average lifespan of an ant is about 90 days.

And one more.

If your organisation transfers secure personal data and files to external entities, then you are governed by Data Compliance under the Data Protection Act 1998.

This last fact is what we’re going to focus on in this article. Because whether you knew this or not, the fact that you are transferring data and files means that there are certain legal obligations that you have as an organisation.

These legal obligations are outlined in the Data Protection Act 1998. You can read more about it over at the Information Commissioner’s Office website. But this article will summarise the relevant parts that we’ve dubbed ‘the 8 commandments of Data Compliance’.

#1 All Personal Data shall be processed fairly and lawfully

The technical definitions of ‘fairly’ and ‘lawfully’ are dictated by Schedule 2 and Schedule 3 of the Data Protection Act. They cover issues like making sure you have the explicit consent of the data subject (the person giving you the data) to collect the data, as well as scenarios in which you might have to share the data with other parties, e.g. for legal purposes.

#2 Personal data shall be obtained only for the specific (and lawful) purposes for which it was collected

In other words, be clear on the purposes of collecting the data, and make sure you only use the data in accordance with those purposes that you stated up front.

#3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed

Only use data for the purposes that you stated when you collected it.

#4 Personal data shall be accurate and, where necessary, kept up to date

Make sure the data is accurate, and make sure that it’s kept up to date where necessary.

#5 Personal data shall not be kept for longer than is necessary

The Data Protection Act outlines how long you are required to keep data for. Make sure you don’t keep it for longer than necessary.

#6 Personal data shall be processed in accordance with the rights of data subjects under this Act

The people whose data you are keeping have certain rights that you need to be aware of so you can uphold them. Visit the ICO website to read what these rights are.

#7 Personal data shall be kept secure through technical and organisational measures

Technical measures include the use of asymmetric encryption, direct links, track and transfer, and a whole host of security measures built into products as standard.

And organisational measures refer to the internal procedures and policies that an organisation follows in order to be secure. One of these is an ISO 27001 status, an accreditation that shows the business is compliant with international standards of data security compliance.

#8 Personal data shall be transferred only to countries that offer adequate data protection

Be aware of where your data is being transferred…because you are responsible for where it ends up.

We started the article with some random facts about sharks and ants. Your life won’t necessarily be affected by whether you remember these things or not.

However, if your organisation transfers secure personal data and files to external entities, then it is essential that you are aware of and compliant with the ‘8 commandments of data compliance’ as outlined in the Data Protection Act 1998.

This helpful sponsored post was contributed by Maytech, a provider of secure, compliant and reliant data transfer worldwide. For data transfer and global file sharing services you can trust, take a look at their range of bespoke and secure cloud-based file sharing products.
